A rapidly developing software supply chain attack known as Miasma is one of the latest to move from targeting Red Hat npm packages to infecting numerous Microsoft GitHub repositories.
Cloudsmith researchers described the Miasma attack, noting it began after the compromise of the GitHub account of a Red Hat employee, which enabled attackers to use the GitHub OIDC token to deploy malicious packages in the @redhat-cloud-services namespace. Over 30 such compromised packages have been published in the npm registry to facilitate credential, identity, and CI/CD secrets theft.
The worm has progressed past package poisoning. According to researchers, Miasma can infect code repositories and propagate itself via popular tools such as Claude Code, Gemini CLI, Visual Studio Code, and Cursor. Once activated, it will try to steal credentials, insert malicious workflows into repositories, and create persistence in development environments.
The damage caused by the operation was extensive. Up to 73 GitHub repositories managed by Microsoft were infected and disabled by the threat actors, including Azure Function and Durable Task ecosystems. Security researchers assume threat actors may have exploited previously obtained access for this operation.
The main challenge in detecting Miasma is that it uses legitimate credentials and software distribution channels to operate. The packages carrying the malicious code were published with legitimate credentials, and each payload was unique, making it very difficult to use traditional signature-based detection methods for identification. Moreover, attacks targeting cloud identities have been observed in both Azure and Google Cloud.
Researchers recommend that impacted companies immediately rotate the credentials of developers, CI/CD secrets, cloud access keys, and GitHub tokens. Auditing developer machines and the build environment, reviewing repository permissions, and managing third-party libraries throughout the software development lifecycle have also been recommended.
A single contributor should never hold write access
Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity at Suzu Labs, says: “Microsoft secured the PyPI publishing pipeline after the May 19 durabletask compromise. Moved to internal releases. Implemented trusted publishing. The same contributor account pushed a malicious commit to the same repo on June 5, indicating its GitHub credentials survived the remediation.
“Seventy-three repositories disabled in 105 seconds. Anyone using Azure/functions-action@v1 lost their CI/CD pipeline. The worm planted .claude/settings.json and .cursor/rules/ files that trigger code execution when a developer opens the repo in Cursor or Claude Code. One contributor token with write access to the durabletask ecosystem was all it took.”
Krell adds that TeamPCP open-sourced the worm toolkit behind this attack on May 12 with a $1,000 bounty for the biggest compromise. Microsoft got hit 7 days later and again on June 5. Credential rotation and access scoping are controls Microsoft’s own governance framework mandates. June 5 proved those controls failed.
“A single contributor should never hold write access across an entire project ecosystem whether compromised or not.”
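The files Krell names, .claude/settings.json and .cursor/rules/, are read by the coding tools when a developer opens a checkout, which is why their presence in a repository is worth flagging before anyone opens it. The scanner below is an added example, not code from the article, Microsoft, or any vendor: it walks a checkout, reports both file types, and extracts any shell commands registered under the hooks key of the Claude Code settings file. The hooks layout it parses is an assumption based on that tool's documented settings structure, the sample repository it builds is constructed for the demonstration, and the command string inside it is a placeholder rather than a real payload.

```python
"""Flag IDE/agent configuration files in a repository checkout that can
trigger code execution when the repo is opened in Cursor or Claude Code."""
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Relative paths named in the article; everything else about their contents is assumed.
CLAUDE_SETTINGS = Path(".claude/settings.json")
CURSOR_RULES_DIR = Path(".cursor/rules")


def find_hook_commands(settings: dict) -> List[str]:
    """Return 'event: command' strings for every command hook in a settings dict.

    Assumed layout (documented Claude Code hooks structure, not from the article):
    {"hooks": {"<Event>": [{"matcher": "...", "hooks": [{"type": "command", "command": "..."}]}]}}
    Anything that does not match that shape is ignored rather than crashing the scan.
    """
    commands: List[str] = []
    hooks = settings.get("hooks", {})
    if not isinstance(hooks, dict):
        return commands
    for event, matchers in hooks.items():
        if not isinstance(matchers, list):
            continue
        for matcher in matchers:
            if not isinstance(matcher, dict):
                continue
            for hook in matcher.get("hooks", []):
                if isinstance(hook, dict) and isinstance(hook.get("command"), str):
                    commands.append(f"{event}: {hook['command']}")
    return commands


def scan_repo(root: str) -> List[Dict]:
    """Walk a checkout and list agent/IDE config files that act on open.

    Each finding records the relative path, the kind of file, and (for the
    Claude settings file) the hook commands it would run.
    """
    findings: List[Dict] = []
    root_path = Path(root)

    settings_path = root_path / CLAUDE_SETTINGS
    if settings_path.is_file():
        try:
            cmds = find_hook_commands(json.loads(settings_path.read_text()))
        except (json.JSONDecodeError, OSError):
            cmds = ["<unparseable settings.json>"]
        findings.append({"path": str(CLAUDE_SETTINGS), "kind": "claude-settings", "commands": cmds})

    rules_dir = root_path / CURSOR_RULES_DIR
    if rules_dir.is_dir():
        # Cursor rule files are prompt instructions, so every file in the directory is reported.
        for rule in sorted(rules_dir.rglob("*")):
            if rule.is_file():
                findings.append({"path": str(rule.relative_to(root_path)), "kind": "cursor-rule", "commands": []})
    return findings


def build_sample_repo() -> str:
    """Create a throwaway checkout containing both file types (constructed sample, not real malware)."""
    d = tempfile.mkdtemp()
    (Path(d) / ".claude").mkdir()
    (Path(d) / ".claude" / "settings.json").write_text(json.dumps({
        "hooks": {"SessionStart": [{"hooks": [
            {"type": "command", "command": "sh ./scripts/constructed-sample.sh"}  # placeholder command
        ]}]}
    }))
    (Path(d) / ".cursor" / "rules").mkdir(parents=True)
    (Path(d) / ".cursor" / "rules" / "always.mdc").write_text(
        "---\nalwaysApply: true\n---\nConstructed rule text for the demonstration.\n")
    return d


if __name__ == "__main__":
    # Scan either the checkout given on the command line or the constructed sample.
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_repo()
    for finding in scan_repo(target):
        print(finding["kind"], finding["path"], finding["commands"])
```

Run it against a freshly cloned repository before opening the directory in an agentic editor; a non-empty result is a reason to review the files by hand, and a hook command pointing at a script or URL the project did not ship is the signal the quote above describes.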
Targeting trusted relationships
Rajeev Raghunarayan, Head of GTM at Averlon, says: “Looking across recent supply chain attacks, each campaign has targeted a different trust relationship in the development ecosystem: LiteLLM poisoned what gets installed, TanStack hijacked the build process itself, and Miasma now triggers payloads the moment a developer opens a repository in a trusted coding tool.”
He says developer machines and CI/CD pipelines carry cloud keys, service principals, and Kubernetes secrets because they need them to do their job. When those are harvested, the question isn’t just what was stolen. It’s what the attacker can now reach in the cloud environments those credentials connect to.
“Most organizations focus on rotating what was taken. Fewer ask what those credentials authenticated to, what systems they could reach, and whether any of those pathways were used before the rotation happened.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.