Red Hat npm supply chain attack "Miasma" — 32 @redhat-cloud-services packages, SLSA bypass via OIDC abuse, new GCP/Azure identity collectors
The Miasma campaign is a supply chain attack targeting Red Hat npm packages under the @redhat-cloud-services namespace. Attackers used a compromised Red Hat employee's GitHub account to push malicious commits and abused GitHub Actions OIDC workflows to publish packages with valid SLSA provenance, bypassing supply chain verification. This attack highlights a weakness in the trust model of npm publishing workflows, where the build pipeline's trust boundary can be circumvented upstream. The campaign also includes new variants that collect cloud identities from GCP and Azure, escalating the threat beyond credential harvesting to active cloud access enumeration. Attribution remains uncertain, with possible links to the publicly released TeamPCP toolkit. No known exploits in the wild or official patches have been reported yet.
AI Analysis
Technical Summary
The Miasma supply chain attack compromised 32 npm packages in the @redhat-cloud-services namespace by leveraging a compromised Red Hat employee GitHub account. Attackers abused GitHub Actions OIDC to publish malicious packages with valid SLSA attestations, effectively bypassing supply chain verification mechanisms. This indicates that the trust boundary for SLSA was circumvented upstream in the build pipeline. Additionally, the attack includes new identity collectors targeting GCP and Azure cloud environments, representing an escalation from credential harvesting to active cloud resource enumeration. The campaign's attribution is unclear, possibly linked to the TeamPCP toolkit released publicly in May 2026. The attack raises concerns about the adequacy of current OIDC trust models in npm publishing workflows.
Potential Impact
The attack allowed malicious code to be published in trusted npm packages with valid supply chain attestations, potentially leading to widespread downstream compromise of software depending on these packages. The inclusion of new cloud identity collectors targeting GCP and Azure increases the risk of unauthorized cloud resource enumeration and potential further compromise. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Organizations should review their supply chain security practices, especially around GitHub Actions OIDC workflows and the trust boundaries of SLSA attestations. Restricting OIDC token usage to specific branches or workflows may reduce risk but may not fully prevent abuse if developer accounts are compromised. Monitoring for unusual GitHub activity and package publishing is recommended. Follow updates from Red Hat and npm regarding official fixes or mitigations.
Red Hat npm supply chain attack "Miasma" — 32 @redhat-cloud-services packages, SLSA bypass via OIDC abuse, new GCP/Azure identity collectors
Description
The Miasma campaign is a supply chain attack targeting Red Hat npm packages under the @redhat-cloud-services namespace. Attackers used a compromised Red Hat employee's GitHub account to push malicious commits and abused GitHub Actions OIDC workflows to publish packages with valid SLSA provenance, bypassing supply chain verification. This attack highlights a weakness in the trust model of npm publishing workflows, where the build pipeline's trust boundary can be circumvented upstream. The campaign also includes new variants that collect cloud identities from GCP and Azure, escalating the threat beyond credential harvesting to active cloud access enumeration. Attribution remains uncertain, with possible links to the publicly released TeamPCP toolkit. No known exploits in the wild or official patches have been reported yet.
Reddit Discussion
So I've been going through the Wiz, JFrog, and Aikido analyses of the Miasma campaign that dropped June 1. A few things are worth unpacking beyond the headlines.
The attack used a compromised Red Hat employee's GitHub account to push malicious commits directly, then triggered GitHub Actions OIDC to publish packages to npm with valid SLSA provenance. This is the part that should concern everyone: the packages passed supply chain verification because the build pipeline itself was injected upstream of the attestation step. SLSA didn't fail here — its trust boundary was just further back than people assumed.
The new GCP and Azure identity collectors in this Shai-Hulud variant also feel like a notable escalation. Previous versions were credential harvesters. This one is actively enumerating cloud access — which is a different kind of threat model.
Attribution is genuinely uncertain: TeamPCP published the toolkit publicly in May, so this could be a copycat. The "Miasma" branding (replacing Dune refs with Greek mythology) could support that. https://www.techgines.com/post/red-hat-npm-supply-chain-attack-miasma
I previously covered the original TeamPCP PyPI campaign here if you want background on the Shai-Hulud lineage: https://www.techgines.com/post/pytorch-lightning-supply-chain-attack-pypi-teampcp
Question for the community: given that OIDC trusted publishing was the attack vector here, what's actually the correct trust model for npm publishing workflows? Does restricting OIDC to specific branch patterns meaningfully reduce risk, or is a compromised developer account always going to find a way through?
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Miasma supply chain attack compromised 32 npm packages in the @redhat-cloud-services namespace by leveraging a compromised Red Hat employee GitHub account. Attackers abused GitHub Actions OIDC to publish malicious packages with valid SLSA attestations, effectively bypassing supply chain verification mechanisms. This indicates that the trust boundary for SLSA was circumvented upstream in the build pipeline. Additionally, the attack includes new identity collectors targeting GCP and Azure cloud environments, representing an escalation from credential harvesting to active cloud resource enumeration. The campaign's attribution is unclear, possibly linked to the TeamPCP toolkit released publicly in May 2026. The attack raises concerns about the adequacy of current OIDC trust models in npm publishing workflows.
Potential Impact
The attack allowed malicious code to be published in trusted npm packages with valid supply chain attestations, potentially leading to widespread downstream compromise of software depending on these packages. The inclusion of new cloud identity collectors targeting GCP and Azure increases the risk of unauthorized cloud resource enumeration and potential further compromise. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Organizations should review their supply chain security practices, especially around GitHub Actions OIDC workflows and the trust boundaries of SLSA attestations. Restricting OIDC token usage to specific branches or workflows may reduce risk but may not fully prevent abuse if developer accounts are compromised. Monitoring for unusual GitHub activity and package publishing is recommended. Follow updates from Red Hat and npm regarding official fixes or mitigations.
Technical Details
- Source Type
- Subreddit
- blueteamsec+AskNetsec+Information_Security
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":30,"reasons":["external_link","newsworthy_keywords:supply chain attack","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["supply chain attack"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a201811e29bf47b50af6532
Added to database: 6/3/2026, 12:03:29 PM
Last enriched: 6/3/2026, 12:03:37 PM
Last updated: 6/4/2026, 6:02:37 AM
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.