Miasma Supply Chain Attack: the Seven-Week Credential Trail
On 1 June 2026, researchers at Wiz identified a supply chain attack affecting 32 official packages published under the @redhat-cloud-services npm namespace, a set of frontend components and API clients that power the Red Hat Hybrid Cloud Console. The compromised packages had cumulative downloads of roughly 80,000 per week, which put the blast radius well beyond Red Hat’s own pipelines. The attack itself was serious. The detail that should keep security leaders awake is that the credentials used to publish those malicious packages had been sitting in infostealer logs for nearly seven weeks before they were ever weaponized.
This post looks at what happened on 1 June, what the seven-week credential trail tells us about modern supply chain risk, and what good visibility actually looks like in 2026.
What happened on 1 June 2026
The campaign has been named Miasma, and the payload embedded across the affected packages is a lightly modified descendant of the Mini Shai-Hulud worm that the threat actor group TeamPCP open-sourced earlier this year. Once installed, the worm runs a preinstall script that executes the moment a package is added to a project, harvesting developer and cloud credentials and attempting to spread itself by republishing backdoored versions of other packages the victim account can publish to.
The first wave of malicious releases went out from the @redhat-cloud-services namespace on the morning of 1 June, followed by a second wave a few hours later as the attackers refined their payload. By the time advisories from Wiz, Snyk, Aikido, and others had circulated, npm had revoked most of the malicious versions, with a couple still live at the time of writing. Investigation continues. The Wiz analysis identified Azure and GCP cloud identity collectors in the payload that were not present in earlier Mini Shai-Hulud variants, which suggests the operators are now interested in gaining access to the cloud environments themselves rather than simply harvesting secrets from them.
The published packages were signed and shipped through GitHub Actions OIDC, which means the CI/CD pipeline itself was the abused trust path rather than a stolen npm token. This is a meaningful distinction. The pipeline behaved exactly as designed. The credentials inside it had been compromised long before they were used.
The seven-week credential trail
This is the part of the story that matters most for security teams.
When dark web monitoring firm Whiteintel reviewed its infostealer log archive after the Miasma disclosure, it found that the Red Hat employee whose GitHub credentials and active session cookie were used to publish the malicious packages had been compromised by infostealer malware months earlier. The credentials and the session cookie appeared in stealer logs on 13 April and again on 15 May 2026. The compromise took place on a personal or work device infected by an infostealer that exfiltrated saved browser credentials, cookies, and tokens to a criminal marketplace.
Read those dates carefully. Forty-eight days passed between the first appearance of the compromised credentials in stealer logs and the attack on 1 June. The session cookie alone, which would have bypassed multi-factor authentication entirely, was visible for nearly seven weeks. Anyone monitoring stealer logs for Red Hat-tied credentials would have seen this coming.
The lesson here is uncomfortable but not new. Credentials harvested by infostealer malware are not used in real time. They are sold, resold, packaged into combo lists, and trickled into ransomware and supply chain operations over the following weeks and months. The Miasma attack is not a story about a fast-moving attacker. It is a story about a slow-burning credential exposure that nobody noticed until it lit something on fire.
Why supply chains are now the attack chain
Miasma fits a pattern that has accelerated through 2025 and into 2026. Aikido reported that the same TeamPCP tooling has been linked this year to compromises affecting Mistral, TanStack, Microsoft’s Durable Task, PyTorch Lightning, Bitwarden CLI, and Intercom. Since the underlying malware was open-sourced, other threat actors now have access to the same techniques and can replicate or adapt them with very little effort.
The shift matters because of how thoroughly the modern enterprise depends on the open-source supply chain. A single compromised npm package can ripple through hundreds of downstream organisations within hours, particularly when the package sits inside a popular framework or cloud console. The World Economic Forum’s Global Cybersecurity Outlook 2026 reports that 65% of large companies now name third-party and supply chain vulnerabilities as their single greatest challenge to cyber resilience, a jump from 54% the previous year. Only 33% comprehensively map their supply chain ecosystems, which means the visibility gap is widening at exactly the moment the threats are accelerating.
The attackers know this. The Miasma payload’s new focus on cloud identity collection suggests the operators are planning for a world where the initial supply chain compromise is just step one of a much longer chain that ends inside someone’s Azure or GCP tenant.
What good visibility actually looks like
The Miasma attack is a useful test of an organisation’s external threat intelligence posture, because it would have been detectable on multiple layers if anyone had been watching.
Credential intelligence. The infostealer logs containing the compromised Red Hat session cookie were available on dark web sources for nearly seven weeks before the attack. Continuous monitoring of stealer logs against employee email domains and key partner organisations would have surfaced the exposure long before the campaign launched. This is not theoretical. It is exactly what CybelAngel’s Credential Intelligence module is designed to do.
Dark web monitoring. TeamPCP’s tooling and the Mini Shai-Hulud lineage have been discussed on underground forums for months. Organisations with active dark web monitoring would have seen the increasing chatter around the same set of TTPs being deployed against multiple open-source projects through spring 2026.
CI/CD trust scoping. OIDC-signed packages from a known publisher passed every automated check the npm ecosystem could throw at them, because nothing in the pipeline knew that the underlying GitHub session had been hijacked. Organisations that scope their trust to source repository state at publication time, rather than to the publisher identity, would have caught the unexpected payload changes between versions 4.0.3 and 4.0.4 of the affected packages. The legitimate version of the package was 7.9 KB. The malicious version was 4.3 MB.
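One way to check for the release-to-release changes described above (a lifecycle script that appears between two versions, or an unpacked size that jumps by orders of magnitude) is to diff consecutive versions in the registry's package record. This is an added example, not code from the original post or from Red Hat; the package record below is constructed sample data with a hypothetical package name, shaped like an npm packument, with sizes chosen to mirror the 7.9 KB to 4.3 MB jump the post describes.

```javascript
// Flag npm releases whose install-time behaviour or size changes sharply
// from the previous version. Constructed sample data, hypothetical package.
const LIFECYCLE_SCRIPTS = ["preinstall", "install", "postinstall", "prepare"];
const SIZE_RATIO_THRESHOLD = 10; // flag a 10x or larger jump in unpacked size

// Abbreviated, constructed packument: publish times plus per-version manifest.
const SAMPLE_PACKUMENT = {
  name: "@example/hypothetical-console-widget",
  time: {
    "4.0.2": "2026-03-02T10:00:00.000Z",
    "4.0.3": "2026-05-20T10:00:00.000Z",
    "4.0.4": "2026-06-01T08:12:00.000Z",
  },
  versions: {
    "4.0.2": { scripts: { build: "tsc" }, dist: { unpackedSize: 7700 } },
    "4.0.3": { scripts: { build: "tsc" }, dist: { unpackedSize: 7900 } },
    "4.0.4": {
      scripts: { build: "tsc", preinstall: "node setup_bundle.js" },
      dist: { unpackedSize: 4300000 },
    },
  },
};

// Order versions by publish time rather than trusting object key order.
function versionsByPublishTime(packument) {
  return Object.keys(packument.versions)
    .sort((a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b]));
}

// Compare each release with its predecessor and return a list of findings.
function flagSuspiciousReleases(packument) {
  const findings = [];
  const ordered = versionsByPublishTime(packument);
  for (let i = 1; i < ordered.length; i++) {
    const prev = packument.versions[ordered[i - 1]];
    const cur = packument.versions[ordered[i]];
    const prevScripts = prev.scripts || {};
    const curScripts = cur.scripts || {};
    // A lifecycle hook that is new, or whose command changed, runs on install.
    for (const hook of LIFECYCLE_SCRIPTS) {
      if (curScripts[hook] && curScripts[hook] !== prevScripts[hook]) {
        findings.push({ version: ordered[i], reason: "new or changed " + hook + " script" });
      }
    }
    const prevSize = (prev.dist || {}).unpackedSize || 0;
    const curSize = (cur.dist || {}).unpackedSize || 0;
    if (prevSize > 0 && curSize / prevSize >= SIZE_RATIO_THRESHOLD) {
      findings.push({ version: ordered[i], reason: "unpacked size grew " + Math.round(curSize / prevSize) + "x" });
    }
  }
  return findings;
}

console.log(flagSuspiciousReleases(SAMPLE_PACKUMENT));
```

Against a live registry the same function can be fed the JSON returned for a package's metadata, gating a build on any finding before `npm install` runs scripts.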
Supply chain inventory. Many organisations that depend on @redhat-cloud-services packages did not know they depended on them, because the dependencies sit several layers deep in their build trees. A current inventory of transitive dependencies, refreshed often enough to be useful, is now table stakes rather than a nice-to-have.
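The transitive inventory described above can be built from the `packages` map of a lockfile v2/v3 package-lock.json, attributing every package in a scope to the direct dependency that reaches it. This is an added example, not code from the original post; the lockfile is constructed sample data with a hypothetical scope (`@acme`) and hypothetical package names, and the same call with `"@redhat-cloud-services"` would answer the question the post raises.

```javascript
// Inventory which direct dependencies pull in packages from a given npm
// scope, by walking package-lock.json "packages" entries. Constructed sample.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "app-ui": "^2.0.0", "left-pad-ish": "^1.0.0" } },
    "node_modules/app-ui": { version: "2.1.0", dependencies: { "@acme/widgets": "^4.0.0" } },
    "node_modules/@acme/widgets": { version: "4.0.3", dependencies: { "@acme/api-client": "^1.2.0" } },
    "node_modules/@acme/api-client": { version: "1.2.5" },
    "node_modules/left-pad-ish": { version: "1.0.0" },
  },
};

// Resolve a dependency name from a package path the way npm does: look for
// a nested node_modules first, then walk up towards the project root.
function resolvePath(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (lock.packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from each direct dependency, recording every package in
// the target scope together with the direct dependencies that reach it.
function inventoryScope(lock, scope) {
  const root = lock.packages[""] || {};
  const direct = Object.keys(Object.assign({}, root.dependencies, root.devDependencies));
  const hits = {}; // "name@version" -> list of direct deps that reach it
  for (const top of direct) {
    const seen = new Set();
    const stack = [resolvePath(lock, "", top)].filter(Boolean);
    while (stack.length) {
      const path = stack.pop();
      if (seen.has(path)) continue;
      seen.add(path);
      const entry = lock.packages[path];
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      if (name.startsWith(scope + "/")) {
        const key = name + "@" + entry.version;
        hits[key] = hits[key] || [];
        if (!hits[key].includes(top)) hits[key].push(top);
      }
      for (const dep of Object.keys(entry.dependencies || {})) {
        const next = resolvePath(lock, path, dep);
        if (next) stack.push(next);
      }
    }
  }
  return hits;
}

console.log(inventoryScope(SAMPLE_LOCK, "@acme"));
```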
The good news is that all four of these capabilities are mature, well-understood, and accessible. The bad news is that few organisations run all four together as a single coordinated workflow. Miasma will not be the last supply chain attack that follows this pattern. The credential trails for the next one are almost certainly already visible in dark web telemetry today.
FAQs
Miasma is a credential-stealing worm embedded in 32 compromised npm packages published under the @redhat-cloud-services namespace on 1 June 2026. The malware is a variant of the Mini Shai-Hulud worm originally developed by TeamPCP and harvests developer credentials, cloud tokens, and Azure and GCP identities from any machine that installs an affected package version. The compromise was first identified by Wiz Research and confirmed by Snyk, Aikido, and Socket within hours.
The attackers used valid GitHub credentials and an active session cookie belonging to a Red Hat employee, which had been exposed in infostealer logs as early as 13 April 2026. Because the packages were signed through GitHub Actions OIDC, they passed automated trust checks and shipped to roughly 80,000 weekly downloaders before npm revoked the malicious versions.
Continuous dark web and credential intelligence monitoring would have surfaced the Red Hat credentials nearly seven weeks before the attack. Beyond that, organisations should maintain a refreshed inventory of transitive dependencies, scope CI/CD trust to source repository state rather than publisher identity, and run regular supply chain risk assessments against the open-source ecosystems their build pipelines depend on. For a deeper look at how modern attackers chain credential exposure into supply chain compromise, see our 2026 dark web guide.
Aikido has linked the same TeamPCP tooling to compromises affecting Mistral, TanStack, Microsoft’s Durable Task, PyTorch Lightning, Bitwarden CLI, and Intercom across 2025 and 2026. Since the underlying malware was open-sourced earlier this year, more attackers are expected to deploy variants of it through the second half of 2026.
CybelAngel monitors infostealer logs, dark web forums, and underground marketplaces for compromised credentials tied to your organisation and its key partners. If a Miasma-style attack is being staged against you right now, the trail is almost certainly visible. Our analyst team can help you find it before it becomes the next 1 June 2026 headline.
