Infected Red Hat npm packages expose developer credentials
Summary
A new supply chain attack, dubbed Miasma, has compromised over 30 Red Hat Cloud Services-related npm packages, inserting a worm designed to steal developer credentials and authentication tokens. The malware, an evolution of the Shai-Hulud family, also expands its scope to collect cloud identities from Google Cloud and Azure. While most of the infected packages have been removed, the attack highlights ongoing risks in the software supply chain.
IFF Assessment
This article details a successful supply chain attack that compromises trusted packages to steal sensitive developer information, posing a significant risk to organizations.
Defender Context
This incident serves as a stark reminder of the persistent threats within software supply chains. Defenders should remain vigilant about dependencies, implement robust code scanning and integrity checks, and enforce strict access controls on CI/CD pipelines to mitigate similar risks.