Four coordinated npm supply chain campaigns active in May–June 2026 — TTPs, IOCs, and detection notes
Four coordinated npm supply chain campaigns were active during May and June 2026, targeting the npm ecosystem with various sophisticated techniques including dependency confusion, namespace compromise, scope confusion, and typosquatting. These campaigns employ multi-stage postinstall execution chains that fetch and run platform-specific payloads, aiming to steal environment variables, CI/CD secrets, cloud metadata service tokens, and other sensitive credentials. The campaigns affect multiple platforms (Windows, macOS, Linux) and cloud environments (GCP, Azure). Detection relies on identifying version sentinels, cloud metadata endpoint access patterns, and characteristic postinstall behaviors. An open-source scanner with detection capabilities for these campaigns is available for community use.
AI Analysis
Technical Summary
This threat involves four distinct but coordinated npm supply chain attack campaigns observed in May–June 2026. The first campaign (Sonatype-2026-003429) uses dependency confusion with a complex execution chain that downloads and runs binaries in the background, targeting environment variables and CI/CD secrets. The second (Miasma) involves a compromised Red Hat employee GitHub account pushing unauthorized commits to RedHatInsights repositories, targeting cloud metadata services for GCP and Azure identities. The third campaign abuses internal corporate namespace scopes to publish inflated package versions, currently profiling SSH keys and environment variables with plans for exfiltration. The fourth uses typosquatting on OpenSearch/Elasticsearch packages, employing a legitimate Bun runtime loader to evade detection and targeting cloud metadata and secret management services. Detection strategies focus on version sentinel matching, cloud metadata endpoint access, and multi-stage postinstall behavior. An open-source detection tool is provided at https://github.com/lateos-ai/npm-scan.
Potential Impact
The campaigns enable attackers to execute arbitrary code during package installation, potentially leading to theft of sensitive environment variables, CI/CD secrets, cloud identity tokens, SSH keys, and internal network information. This can facilitate further compromise of development and deployment environments, cloud infrastructure, and secret management systems. The campaigns affect widely used npm packages and cloud platforms, increasing the risk of supply chain compromise and credential exposure.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory and the open-source scanner repository (https://github.com/lateos-ai/npm-scan) for current detection and remediation guidance. Users should employ detection tools that identify version sentinels, cloud metadata endpoint access patterns, and multi-stage postinstall behaviors as described. Monitoring for unusual package versions, especially in internal namespaces and typosquatted packages, is recommended. Since these campaigns rely on postinstall execution chains, restricting or auditing postinstall scripts in npm packages can help mitigate risk. Follow updates from trusted sources and vendors for official fixes or mitigations.
Reddit Discussion
Documenting four campaigns that hit npm over the last two weeks. Posting for community awareness — IOCs and behavioral patterns below.
Sonatype-2026-003429 — 176-package dependency confusion (May 28, 2026)
Tracked by Sonatype (full writeup). Sentinel versions: 99.99.99, 9.9.9, 9.9.10, 10.10.10, 11.11.11, 99.5.8. Execution chain: postinstall fingerprints host → fetches platform-specific JS payload → downloads and executes binary → spawns detached background process. Russian-language comments embedded in source. Cross-platform (Windows/macOS/Linux). Targets env vars, CI/CD secrets, auth tokens.
Miasma — @redhat-cloud-services namespace compromise (June 1, 2026)
Compromised Red Hat employee GitHub account used to push orphan commits to RedHatInsights repositories, bypassing code review. 32 package versions affected, ~80K weekly downloads. Payload self-identifies as “Miasma: The Spreading Blight” — a variant of the Mini Shai-Hulud framework. Notably targets GCP (metadata.google.internal/computeMetadata/v1) and Azure (169.254.169.254/metadata/instance) cloud identities rather than static .env files.
Yandex-aliased scope confusion — 33 packages, 9 org scopes (May 28–29, 2026)
Threat actor registered internal corporate namespace scopes (@cloudplatform-single-spa, @sber-ecom-core, @data-science) and published with inflated versions to beat CI/CD resolution. Currently operating in hardcoded RECON_ONLY mode — profiling SSH keys, env vars, hostnames, internal network paths. Designed to pivot to full exfiltration once high-value targets are fingerprinted.
OpenSearch/Elasticsearch typosquatting — 14 packages (May 28, 2026)
Actor cloned upstream OpenSearch repo URLs in package.json to pass casual inspection. Gen-2 variant uses a legitimate Bun runtime GitHub Release as a binary loader to bypass Node-specific behavior analytics. Targets IMDSv2, ECS task roles, and HashiCorp Vault secrets.
Detection notes: Version sentinel matching, GCP/Azure IMDS endpoint patterns, and two-stage postinstall behavior (remote fetch → binary exec → detached spawn) are the most reliable static signals across all four campaigns. We added detectors for these patterns to our open-source scanner if useful: https://github.com/lateos-ai/npm-scan
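As an added example (not code from the post or from the npm-scan project), the three static signals the post names, run over a constructed package.json and install script; the metadata endpoint strings and sentinel versions come from the post, while the stage keyword lists, regexes and score weights are this example's own assumptions:

```python
import json
import re

# Sentinel versions quoted from the Sonatype campaign section above.
SENTINEL_VERSIONS = {"99.99.99", "9.9.9", "9.9.10", "10.10.10", "11.11.11", "99.5.8"}
# Endpoint strings from the Miasma section; the regexes are this example's own.
METADATA_PATTERNS = [
    ("gcp_metadata", re.compile(r"metadata\.google\.internal|computeMetadata/v1")),
    ("imds_169_254", re.compile(r"169\.254\.169\.254")),
]
# Fetch -> binary exec -> detached spawn chain; keyword lists are assumptions.
STAGE_PATTERNS = [
    ("remote_fetch", re.compile(r"\b(?:https?\.get|fetch|axios|curl|wget)\b")),
    ("binary_exec", re.compile(r"\b(?:execFile|execSync|exec|spawnSync|spawn)\b|chmod\s+\+?x")),
    ("detached_spawn", re.compile(r"detached\s*:\s*true|\.unref\(\)")),
]
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def scan_package(package_json: str, script_sources: dict) -> list:
    """Return (signal, detail) findings. script_sources maps filename -> source
    for files the lifecycle hooks reference; the caller loads them from disk."""
    pkg = json.loads(package_json)
    findings = []
    if str(pkg.get("version", "")) in SENTINEL_VERSIONS:
        findings.append(("sentinel_version", pkg["version"]))
    hooks = {h: c for h, c in pkg.get("scripts", {}).items() if h in LIFECYCLE_HOOKS}
    for hook, cmd in hooks.items():
        findings.append(("lifecycle_hook", f"{hook}: {cmd}"))
    # Hook commands plus every referenced script body, scanned as one text.
    text = "\n".join([*hooks.values(), *script_sources.values()])
    for name, rx in METADATA_PATTERNS:
        if m := rx.search(text):
            findings.append((name, m.group(0)))
    stages = [name for name, rx in STAGE_PATTERNS if rx.search(text)]
    if hooks and len(stages) >= 2:  # the chain only matters if a hook runs it
        findings.append(("multistage_postinstall", "+".join(stages)))
    return findings


def risk_score(findings: list) -> int:
    """Weight signals so a lockfile's packages can be sorted for review."""
    weights = {"sentinel_version": 40, "multistage_postinstall": 30,
               "gcp_metadata": 20, "imds_169_254": 20, "lifecycle_hook": 5}
    return sum(weights.get(sig, 0) for sig, _ in findings)


# Constructed sample imitating the described chain; not a real campaign file.
SAMPLE_PKG = '{"name": "@example-scope/widget", "version": "99.99.99", "scripts": {"postinstall": "node setup.js"}}'
SAMPLE_SETUP_JS = """const https = require('https'); const { spawn } = require('child_process');
https.get('http://169.254.169.254/metadata/instance', () => {});
const p = spawn('./bin', [], { detached: true, stdio: 'ignore' }); p.unref();"""
```

Run `scan_package` over each entry in node_modules after an install with scripts disabled, then sort by `risk_score` before allowing lifecycle scripts to execute.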
Technical Details
- Source type: Subreddit (netsec)
- Reddit score: 0
- Discussion level: minimal
- Content source: reddit_link_post
- Post type: link
- Domain: null
- Has external source: true
- Trusted domain: false
Threat ID: 6a1f2c81e29bf47b50f591ff
Added to database: 6/2/2026, 7:18:25 PM
Last enriched: 6/2/2026, 7:18:34 PM
Last updated: 6/2/2026, 8:41:45 PM