THREATOPS
THREAT OPSThreat News › What the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentials

What the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentials

medtenablePublished 2026-06-23

<p>A stolen session cookie sat in underground markets for seven weeks before attackers used it to poison 32 Red Hat packages in the npm software registry, an example of the industrial approach behind modern supply chain attacks.</p><div class="blog-see-also"><div class="col-sm-12"><h2>Key takeaways</h2><ol><li>Miasma is a self-propagating npm worm derived from <a href="https://www.tenable.com/blog

Attributed threat actors

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.tenable.com/blog/what-the-miasma-campaign-reveals-about-the-new-supply-chain-threat-model-and-the-underground