THREAT OPS › Threat News › Miasma Returns: Leo Platform Compromise in npm
Miasma Returns: Leo Platform Compromise in npm
<div class="hs-featured-image-wrapper"> <a class="hs-featured-image-link" href="https://www.sonatype.com/blog/miasma-returns-leo-platform-compromise-in-npm" title=""> <img alt="Image with text "Leo Platform Compromise: Miasma is back" next to skull icon." class="hs-featured-image" src="https://www.sonatype.com/hubfs/blog_miasma_leo_platform.png" style="width: auto !important; float: le
MITRE ATT&CK techniques
- JavaScriptT1059.007
- Supply Chain CompromiseT1195
- Shell HistoryT1552.003
- CredentialsT1589.001
- Malicious PackageAML.T0011.001
Indicators of compromise
- https://guide.sonatype.com/vulnerability/sonatype-2026-004261url
- https://www.stepsecurity.io/blog/mass-npm-supply-chain-attack-20-leo-platform-packages-compromisedurl
- https://www.ox.security/blog/alright-lets-see-if-this-works-shai-hulud-miasma-hades-variant-spreads-on-npmurl
- https://www.endorlabs.com/learn/shai-hulud-strikes-leo-platform-npmurl
- https://www.npmjs.com/~llxlrurl
- track.hubspot.comdomain
- 2fwww.sonatype.comdomain
- 252fwww.sonatype.comdomain