Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Summary
A new supply chain attack campaign, codenamed Miasma, has compromised Red Hat npm packages to steal credentials and secrets. The attack uses install-time execution tactics to harvest credentials, target CI/CD systems, and exfiltrate data with a self-propagating worm.
IFF Assessment
This attack demonstrates a sophisticated supply chain compromise that can lead to credential theft and further spread, posing a significant risk to development environments and sensitive data.
Defender Context
This incident highlights the critical need for robust supply chain security, especially concerning open-source packages used in development pipelines. Defenders should scrutinize npm package integrity, implement strict access controls for CI/CD systems, and monitor for unusual credential usage or exfiltration attempts.
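As an added example (not from the original report, Red Hat or npm), the Node.js function below audits a parsed package-lock.json (lockfileVersion 2 or 3) for the two concerns named above: dependencies that run code at install time and entries npm cannot integrity-check. The package names, the sample lockfile and the allowed registry prefix are constructed assumptions.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
// Assumption: only this registry is trusted; change it for a private mirror.
const ALLOWED_REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, allowedRegistry = ALLOWED_REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    // Skip the root project, workspace folders and workspace symlinks.
    if (i === -1 || entry.link) continue;
    const name = path.slice(i + "node_modules/".length);
    const add = (issue) => findings.push({ name, version: entry.version, issue });
    // npm records hasInstallScript for packages with install-time lifecycle scripts.
    if (entry.hasInstallScript) add("install-script");
    // Without an integrity hash npm cannot verify the tarball it downloads.
    if (!entry.integrity) add("no-integrity");
    // Git URLs and other hosts fall outside the registry's controls.
    if (entry.resolved && !entry.resolved.startsWith(allowedRegistry)) {
      add("non-registry-source");
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/@example/native-helper": {
      version: "0.4.2",
      resolved: "https://registry.npmjs.org/@example/native-helper/-/native-helper-0.4.2.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/example-lib/node_modules/example-fork": {
      version: "1.0.0",
      resolved: "git+ssh://git@example.invalid/example-fork.git#0000000",
    },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

Each `install-script` finding is a package to review before it is allowed to run in CI; installing with `npm ci --ignore-scripts` prevents those scripts from executing during the build.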