Red Hat's npm Namespace Breach: 30 Packages Poisoned

What Happened

In early 2025, attackers compromised a GitHub account with publishing access to Red Hat's @redhat-cloud-services npm namespace. They injected the Miasma malware into over 30 packages, internal development tools that are downloaded approximately 117,000 times weekly. The malware targeted developer credentials, SSH keys, AWS tokens, and other sensitive authentication materials. Red Hat confirmed that no customer environments were affected; the breach was limited to internal tools.

This attack is part of the larger Shai-Hulud malware campaign, which has compromised 309 GitHub repositories so far.

Timeline

Initial Compromise: An attacker gained control of a GitHub account with npm publishing rights to the @redhat-cloud-services namespace.

Malicious Packages Published: Compromised versions of over 30 packages containing the Miasma malware were published. Each package included code to exfiltrate developer secrets.

Detection and Response: Red Hat discovered the breach through internal monitoring, revoked the affected account's access, and began removing malicious package versions from npm.

Containment: The breach was confirmed to be isolated to internal development tools, with no impact on customer environments.

Which Controls Failed or Were Missing

GitHub Account Security: Either the compromised account lacked multi-factor authentication (MFA) or its MFA was bypassed. Use hardware security keys for accounts with write access to production namespaces.

Privileged Access Monitoring: Red Hat's systems failed to detect or block the malicious package publications in real time. Automated reviews should be triggered for namespaces with high download volumes.

Package Signing and Verification: The npm ecosystem does not enforce mandatory package signing. Even with internal signing, npm's infrastructure does not verify packages before download.

Dependency Pinning: Teams likely used version ranges, allowing automatic updates to pull in compromised versions without review.

Network Egress Controls: The malware exfiltrated credentials, indicating a lack of egress filtering to block connections to unknown command-and-control infrastructure.

What the Standards Require

NIST 800-53 Rev 5 IA-2(1) mandates multi-factor authentication for privileged accounts. Use hardware security keys (FIDO2) to resist phishing and malware-based MFA bypass attacks.

NIST 800-53 Rev 5 CM-3 requires configuration change control with automated enforcement. Publishing a package should trigger approval workflows for high-impact namespaces.

NIST 800-53 Rev 5 SI-7 addresses software integrity verification. Implement internal controls: maintain a private registry mirror, verify package hashes, and use tools like Socket or Snyk to scan for malicious code.

NIST Cybersecurity Framework v2.0 PR.DS-6 covers integrity checking mechanisms. Your CI/CD pipeline should verify package integrity using lock files with cryptographic hashes.

ISO/IEC 27001:2022 Annex A.8.23 requires web filtering. Developer workstations need egress controls to block connections to newly-registered domains and known malicious infrastructure.

Lessons and Action Items for Your Team

Implement hardware security keys for all GitHub accounts with publishing rights. Deploy YubiKeys or similar FIDO2 devices. Disable SMS and TOTP authentication for these accounts.

Build publishing approval workflows. Use GitHub Actions with required reviews before any package version reaches npm. Require two approvers for high-impact packages.

Run your own registry mirror with scanning. Use tools like Verdaccio or Sonatype Nexus to proxy npm while scanning for malicious code. Block direct access to registry.npmjs.org.

Pin dependencies with integrity hashes. Replace version ranges with exact versions in package.json. Commit your lock file and configure CI to fail if it changes without approval.

Monitor for suspicious package updates. Set alerts for unexpected package updates. Investigate packages that suddenly push multiple versions.

Implement egress filtering on developer workstations. Use DNS filtering to block connections to newly-registered domains and known malware infrastructure.

Audit your npm namespace permissions quarterly. Review publishing access and remove accounts for departed employees immediately.
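One way to enforce the pinning, lock-file and registry-mirror items above in CI, as an added example that is not from the original article or from Red Hat: a Node.js check over a parsed package.json and package-lock.json (lockfileVersion 2 or 3). The `@example/*` packages, the mirror URL and the hashes are constructed, and requiring sha512 hashes is an assumed policy.

```javascript
// Added example: package names, mirror URL and hashes below are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function auditPinning(pkg, lock, allowedRegistry) {
  const findings = [];
  const direct = { ...pkg.dependencies, ...pkg.devDependencies };
  const locked = lock.packages || {};
  // 1. package.json: every direct dependency must be an exact version.
  for (const [name, spec] of Object.entries(direct)) {
    if (!EXACT.test(spec)) {
      findings.push(`${name}: "${spec}" is not an exact version`);
      continue;
    }
    // 2. The lock file must resolve that dependency to the same version.
    const entry = locked[`node_modules/${name}`];
    if (!entry) findings.push(`${name}: missing from lock file`);
    else if (entry.version !== spec)
      findings.push(`${name}: lock has ${entry.version}, package.json pins ${spec}`);
  }
  // 3. Lock file: each package needs a sha512 hash and the approved registry.
  for (const [path, entry] of Object.entries(locked)) {
    if (path === "" || entry.link || entry.inBundle) continue; // root, workspace link, bundled
    if (!/^sha512-/.test(entry.integrity || ""))
      findings.push(`${path}: no sha512 integrity hash`);
    if (!(entry.resolved || "").startsWith(allowedRegistry))
      findings.push(`${path}: resolved outside ${allowedRegistry}`);
  }
  return findings;
}

// Constructed sample input (not real packages, URLs or hashes).
const MIRROR = "https://npm.mirror.example/";
const samplePkg = {
  dependencies: { "@example/ui-kit": "^2.4.0", "@example/http": "1.3.1" },
  devDependencies: { "@example/lint-rules": "0.9.2" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@example/ui-kit": { version: "2.4.7", resolved: MIRROR + "ui-kit-2.4.7.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/@example/http": { version: "1.3.2", resolved: MIRROR + "http-1.3.2.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/@example/lint-rules": { version: "0.9.2", resolved: "https://registry.npmjs.org/lint-rules-0.9.2.tgz" },
  },
};
const sampleFindings = auditPinning(samplePkg, sampleLock, MIRROR);
console.log(sampleFindings.join("\n"));
```

In a pipeline, pass in the parsed files from the repository and fail the job when the returned list is non-empty.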

The Red Hat breach highlights the need for robust supply-chain security measures in software development, focusing on internal tooling and access controls. Fixing any single point in this chain (MFA, publishing approval, registry scanning, egress filtering) could have blocked the attack. Implement all of them for a defense-in-depth strategy that withstands individual control failures.
