Supply Chain Attack Hits 32 Red Hat NPM Packages


On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, publishing malicious versions of 32 packages to distribute a credential-stealing worm.

Within a 72-second window, the threat actor published poisoned iterations across all 32 packages, likely using automation, ReversingLabs notes.

The affected packages cover the entire Red Hat Hybrid Cloud Console JavaScript ecosystem and have nearly 10 million collective downloads.

According to Aikido, the attackers likely compromised the CI/CD pipeline and used the GitHub Actions OIDC to publish the malicious package versions. ReversingLabs believes that the hackers had access to @redhat-cloud-services NPM scope credentials.

The packages contained a preinstall hook that led to the execution of malware during NPM install, before the package is imported or used.
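Because the hook fires at install time, a lockfile shows which dependencies are able to run code before anything is imported. The following is an added example, not code from the article or from Red Hat: it lists `package-lock.json` (lockfileVersion 2/3) entries that npm has flagged with `hasInstallScript`, putting those under a given scope first. The function names and the sample lockfile, including its package names and versions, are constructed for illustration.

```javascript
// Added example: list lockfile entries that will run install-time scripts.
// npm sets `hasInstallScript: true` in package-lock.json (lockfileVersion 2/3)
// for packages that declare a preinstall, install or postinstall script.

// Derive the package name from a lockfile key such as
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return every dependency with an install script; `inScope` marks the ones
// published under the scope being investigated.
function findInstallHooks(lock, scope) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "" || !entry.hasInstallScript) continue; // skip root project
    const name = entry.name || nameFromLockPath(lockPath);
    findings.push({
      name,
      version: entry.version,
      path: lockPath,
      inScope: name.startsWith(scope + "/"),
    });
  }
  // Stable sort: scope matches first, so they head the review list.
  return findings.sort((a, b) => Number(b.inScope) - Number(a.inScope));
}

// Constructed sample lockfile: names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/example-package": {
      version: "0.0.0-example", hasInstallScript: true },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/native-addon": { version: "3.0.0", hasInstallScript: true },
    "node_modules/left-helper/node_modules/@redhat-cloud-services/example-nested": {
      version: "0.0.1-example", hasInstallScript: true },
  },
};

for (const f of findInstallHooks(SAMPLE_LOCK, "@redhat-cloud-services")) {
  console.log(`${f.inScope ? "REVIEW" : "info  "} ${f.name}@${f.version} (${f.path})`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findInstallHooks`. Installing with `npm ci --ignore-scripts` prevents lifecycle hooks from running at all.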

The payload contains the string “Miasma: The Spreading Blight” and appears to be a variant of the Mini Shai-Hulud worm that TeamPCP used in several attacks against the...

Copyright of this story solely belongs to securityweek.com.
