THREAT OPS › Threat News › Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals credentials, probes cloud identities, and can republish other packages.
MITRE ATT&CK techniques
- CredentialsT1589.001