Verticals Targeted: Software Development
Regions Targeted: Global
Related Families: Miasma, Mini Shai-Hulud
Executive Summary
Miasma is a software supply chain malware campaign targeting developer ecosystems, CI/CD pipelines, GitHub repositories, and open-source package registries. Earlier this month, researchers identified a compromise affecting at least 32 packages and more than 90 malicious package versions published under the @redhat-cloud-services npm namespace. Collectively, the affected packages averaged approximately 80,000 weekly downloads. The campaign abused GitHub Actions OpenID Connect (OIDC) trusted publishing workflows to distribute malicious packages with valid provenance attestations, demonstrating how legitimate software supply chain trust mechanisms can be weaponized following compromise of upstream development infrastructure. Miasma harvests GitHub credentials, cloud identities, CI/CD secrets, SSH keys, and other sensitive developer assets that could facilitate compromise of additional repositories, software packages, and development environments. The campaign highlights the increasing sophistication of attacks targeting software development infrastructure rather than traditional end-user systems.
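A triage sketch, added here as an example and not taken from the original report or any vendor tooling: since the malicious versions carried valid provenance attestations, a first exposure check is to inventory every resolved version under the affected namespace in a parsed `package-lock.json` and compare it with an advisory list. The package names and versions in the sample are constructed, and `KNOWN_BAD` is an empty placeholder because this summary does not list the affected versions.

```javascript
// Added example: list every lockfile entry under the namespace named in the report.
const NAMESPACE = "@redhat-cloud-services/";

// Placeholder: populate with "name@version" strings from the published advisory.
// The summary above does not enumerate affected versions, so none are invented here.
const KNOWN_BAD = new Set([]);

// `lock` is the object from JSON.parse() of a package-lock.json file.
function findNamespacePackages(lock, namespace = NAMESPACE, knownBad = KNOWN_BAD) {
  const hits = new Map();
  const record = (name, version, path) => {
    if (!name.startsWith(namespace) || !version) return; // links carry no version
    const key = `${name}@${version}`;
    if (!hits.has(key)) hits.set(key, { name, version, paths: [], flagged: knownBad.has(key) });
    hits.get(key).paths.push(path);
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project itself
    // Aliased installs store the real package name in meta.name.
    record(meta.name || path.slice(idx + "node_modules/".length), meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // because v2 lockfiles carry both and would double-count).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, `${trail}/${name}`);
      walk(meta.dependencies, `${trail}/${name}`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return [...hits.values()].sort((a, b) =>
    `${a.name}@${a.version}`.localeCompare(`${b.name}@${b.version}`));
}

// Constructed sample lockfile; package names and versions are illustrative only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/@redhat-cloud-services/example-a": { version: "1.2.3" },
    "node_modules/unrelated-pkg": { version: "1.3.0" },
    "node_modules/unrelated-pkg/node_modules/@redhat-cloud-services/example-a": { version: "1.2.4" },
    "node_modules/@redhat-cloud-services/example-b": { version: "2.0.0" },
  },
};

for (const h of findNamespacePackages(SAMPLE_LOCK)) {
  console.log(`${h.flagged ? "FLAGGED" : "review "} ${h.name}@${h.version} (${h.paths.length} path(s))`);
}
```

Transitive copies nested under other packages are reported too, which matters when the namespace is pulled in indirectly.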