Supply-chain campaign in the Shai-Hulud worm lineage, a variant of or derived from Mini Shai-Hulud (TeamPCP-attributed). Also tracked by other researchers as the "Hades Campaign" (a confirmed external alias / cross-reference name; like the "Miasma" name itself, it is an external label, not a string recovered in plaintext from any decoded artifact). As of 2026-06-08 the authoritative consolidated package list spans two ecosystems: npm (106 packages / 411 versions across the June 1 Trusted-Publishing @redhat-cloud-services wave and the June 3 Phantom Gyp Arm A) and PyPI (26 packages / 45 versions, newly surfaced and expanded). The PyPI package identities and versions are authoritative (HIGH CONFIDENCE), but the PyPI delivery mechanism, payload, and entry vector have NOT been analyzed (OBSERVED, not characterized); the PyPI packages are attributed to the Miasma payload only by their inclusion in the authoritative list. The campaign-identifier string "Miasma: The Spreading Blight" was not recovered in plaintext from the June 1 sample but is corroborated by the repository descriptions on the June 3 liuende501 exfil account.
Objective
Steal developer, cloud, registry, and application credentials through malicious package execution and self-propagate via stolen tokens and trusted-publishing abuse.
Related campaigns
Packages
- npm @redhat-cloud-services/compliance-client (attributed-to)
- npm @redhat-cloud-services/config-manager-client (attributed-to)
- npm @redhat-cloud-services/entitlements-client (attributed-to)
- npm @redhat-cloud-services/host-inventory-client (attributed-to)
- npm @redhat-cloud-services/insights-client (attributed-to)
- npm @redhat-cloud-services/integrations-client (attributed-to)
- npm @redhat-cloud-services/notifications-client (attributed-to)
- npm @redhat-cloud-services/patch-client (attributed-to)
- npm @redhat-cloud-services/quickstarts-client (attributed-to)
- npm @redhat-cloud-services/rbac-client (attributed-to)
- npm @redhat-cloud-services/remediations-client (attributed-to)
- npm @redhat-cloud-services/javascript-clients-shared (attributed-to)
- npm @redhat-cloud-services/sources-client (attributed-to)
- npm @redhat-cloud-services/topological-inventory-client (attributed-to)
- npm @redhat-cloud-services/vulnerabilities-client (attributed-to)
- npm @redhat-cloud-services/chrome (attributed-to)
- npm @redhat-cloud-services/eslint-config-redhat-cloud-services (attributed-to)
- npm @redhat-cloud-services/frontend-components (attributed-to)
- npm @redhat-cloud-services/frontend-components-advisor-components (attributed-to)
- npm @redhat-cloud-services/frontend-components-config (attributed-to)
- npm @redhat-cloud-services/frontend-components-config-utilities (attributed-to)
- npm @redhat-cloud-services/frontend-components-notifications (attributed-to)
- npm @redhat-cloud-services/frontend-components-remediations (attributed-to)
- npm @redhat-cloud-services/frontend-components-testing (attributed-to)
- npm @redhat-cloud-services/frontend-components-translations (attributed-to)
- npm @redhat-cloud-services/frontend-components-utilities (attributed-to)
- npm @redhat-cloud-services/rule-components (attributed-to)
- npm @redhat-cloud-services/tsc-transform-imports (attributed-to)
- npm @redhat-cloud-services/types (attributed-to)
- npm @redhat-cloud-services/hcc-feo-mcp (attributed-to)
- npm @redhat-cloud-services/hcc-kessel-mcp (attributed-to)
- npm @redhat-cloud-services/hcc-pf-mcp (attributed-to)
- pypi gpt-pilot (attributed-to)
- pypi pantheon-toolsets (attributed-to)
- pypi pantheon-agents (attributed-to)
- pypi magique (attributed-to)
- pypi magique-ai (attributed-to)
- pypi executor-engine (attributed-to)
- pypi executor-http (attributed-to)
- pypi funcdesc (attributed-to)
- pypi cmd2func (attributed-to)
- pypi coolbox (attributed-to)
- pypi ufish (attributed-to)
- pypi napari-ufish (attributed-to)
- pypi nucbox (attributed-to)
- pypi okite (attributed-to)
- pypi bramin (attributed-to)
- pypi synago (attributed-to)
- pypi mrbios (attributed-to)
- pypi uprobe (attributed-to)
- pypi spateo-release (attributed-to)
- pypi dynamo-release (attributed-to)
- pypi ppkt2synergy (attributed-to)
- pypi mflux-streamlit (attributed-to)
- pypi nhmpy (attributed-to)
- pypi embiggen (attributed-to)
- pypi gpsea (attributed-to)
- pypi pyphetools (attributed-to)
- pypi ensmallen (attributed-to)
Indicators
- sha256 031ba872d5a84bfb18115f432811e4b45180346a1bae653f7fd85f918e7bb3a3 (indicates)
- sha256 df1732f5bfec12e066be44dee02ec8a243e4868d38672c1b1d065359dd735a14 (indicates)
- sha256 0dc06ecdaa63fe24859cfd955053c23245c536e4733480239d14bebf12688e35 (indicates)
- url https://registry.npmjs.org/-/npm/v1/oidc/token/exchange/package/ (communicates-with)
- url https://github.com/oven-sh/bun/releases/download/bun-v1.3.13/ (communicates-with)
- ipv4 169.254.169.254 (communicates-with)
- ipv4 169.254.170.2 (communicates-with)
- file_path /var/run/secrets/kubernetes.io/serviceaccount/token (indicates)
- file_path /var/run/docker.sock (indicates)
- file_path /tmp/p<random>.js (indicates)
- file_path /tmp/b-<random>/bun (indicates)
- file_path /tmp/kitty-<random> (indicates)
- domain login.microsoftonline.com (communicates-with)
- domain graph.microsoft.com (communicates-with)
- email justinorringer@gmail.com (indicates)
- email claude@users.noreply.github.com (indicates)
- github_repo RedHatInsights/javascript-clients (exfiltrates-to)
- github_repo RedHatInsights/frontend-components (exfiltrates-to)
- github_repo RedHatInsights/platform-frontend-ai-toolkit (exfiltrates-to)
- sha256 51b4dd39a15af1e28e97adc375849d688423ec3d88e8010644395fcdea52a3cc (indicates)
- sha256 c96f37e1b9cdc9683a300909492ed9f770b620d0037e5b80e23753cba7ca4077 (indicates)
- file_path core/telemetry/.loader.lock (indicates)
- github_repo Pythagora-io/gpt-pilot (targets)
- github_repo edxeth/Shai-Hulud-Open-Source (uses)
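As an added triage example (not code from the advisory or from any affected project), the script below checks a parsed package-lock.json and `pip freeze` output against every npm and PyPI name under Packages, matches host paths against the `/tmp/p<random>.js`, `/tmp/b-<random>/bun`, `/tmp/kitty-<random>` and `core/telemetry/.loader.lock` artifacts under Indicators, and hashes files on disk against the five listed SHA-256 values. The lockfile, freeze text and path list under `__main__` are constructed sample input. Affected version ranges are not on this page, so any version of a listed name is reported; reading `<random>` as a single path segment of arbitrary length is an assumption made here. `/var/run/docker.sock` and the service-account token path are files the payload reads rather than drops, so their presence on a host is not treated as a hit.

```python
"""Triage helper for the package and host indicators listed on this page.

Added example, not code from the advisory or any affected project. Names,
patterns and hashes come from the Packages/Indicators lists; all sample
input under __main__ is constructed.
"""
import hashlib
import re
from pathlib import Path

NPM_AFFECTED = {"@redhat-cloud-services/" + n for n in """
    compliance-client config-manager-client entitlements-client
    host-inventory-client insights-client integrations-client patch-client
    notifications-client quickstarts-client rbac-client remediations-client
    javascript-clients-shared sources-client topological-inventory-client
    vulnerabilities-client chrome eslint-config-redhat-cloud-services
    frontend-components frontend-components-advisor-components
    frontend-components-config frontend-components-config-utilities
    frontend-components-notifications frontend-components-remediations
    frontend-components-testing frontend-components-translations
    frontend-components-utilities rule-components tsc-transform-imports types
    hcc-feo-mcp hcc-kessel-mcp hcc-pf-mcp""".split()}
PYPI_AFFECTED = set("""
    gpt-pilot pantheon-toolsets pantheon-agents magique magique-ai
    executor-engine executor-http funcdesc cmd2func coolbox ufish napari-ufish
    nucbox okite bramin synago mrbios uprobe spateo-release dynamo-release
    ppkt2synergy mflux-streamlit nhmpy embiggen gpsea pyphetools ensmallen
    """.split())
KNOWN_SHA256 = {
    "031ba872d5a84bfb18115f432811e4b45180346a1bae653f7fd85f918e7bb3a3",
    "df1732f5bfec12e066be44dee02ec8a243e4868d38672c1b1d065359dd735a14",
    "0dc06ecdaa63fe24859cfd955053c23245c536e4733480239d14bebf12688e35",
    "51b4dd39a15af1e28e97adc375849d688423ec3d88e8010644395fcdea52a3cc",
    "c96f37e1b9cdc9683a300909492ed9f770b620d0037e5b80e23753cba7ca4077",
}
# "<random>" is read as one path segment of any length (assumption). The
# docker socket and service-account token are read by the payload, not
# dropped by it, so they are deliberately not matched here.
ARTIFACT_PATTERNS = [
    re.compile(r"^/tmp/p[^/]+\.js$"),
    re.compile(r"^/tmp/b-[^/]+/bun$"),
    re.compile(r"^/tmp/kitty-[^/]+$"),
    re.compile(r"(^|/)core/telemetry/\.loader\.lock$"),
]


def affected_npm(lock: dict) -> list:
    """(name, version) pairs from a parsed package-lock.json, v1 through v3."""
    hits = []
    # v2/v3: flat "packages" map keyed by install path; the name is the part
    # after the last "node_modules/" unless the entry carries "name".
    for path, meta in lock.get("packages", {}).items():
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in NPM_AFFECTED:
            hits.append((name, meta.get("version", "?")))

    def walk(deps):  # v1: nested "dependencies" tree
        for name, meta in deps.items():
            if name in NPM_AFFECTED:
                hits.append((name, meta.get("version", "?")))
            walk(meta.get("dependencies", {}))

    if not lock.get("packages"):
        walk(lock.get("dependencies", {}))
    return hits


def normalize_pypi(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of - _ . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def affected_pypi(freeze_text: str) -> list:
    """(normalised name, version) pairs from `pip freeze` output."""
    hits = []
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-e ")) or "==" not in line:
            continue
        name, version = line.split("==", 1)
        if normalize_pypi(name) in PYPI_AFFECTED:
            hits.append((normalize_pypi(name), version.split(";")[0].strip()))
    return hits


def artifact_hits(paths) -> list:
    """Paths matching the temp-file or .loader.lock artifacts."""
    return [p for p in paths if any(r.search(p) for r in ARTIFACT_PATTERNS)]


def hash_hits(paths) -> list:
    """Existing files whose SHA-256 is one of the listed sample hashes."""
    return [str(p) for p in map(Path, paths) if p.is_file()
            and hashlib.sha256(p.read_bytes()).hexdigest() in KNOWN_SHA256]


if __name__ == "__main__":
    lock = {"lockfileVersion": 3, "packages": {  # constructed sample
        "": {"name": "app"},
        "node_modules/@redhat-cloud-services/rbac-client": {"version": "9.9.9"},
        "node_modules/react": {"version": "18.2.0"}}}
    freeze = "numpy==1.26.4\nGPT_Pilot==0.2.0\nrequests==2.31.0\n"  # constructed
    paths = ["/tmp/pa1b2c3.js", "/tmp/b-x9/bun", "/tmp/notes.txt",
             "/home/u/proj/core/telemetry/.loader.lock"]  # constructed
    print("npm:", affected_npm(lock), "pypi:", affected_pypi(freeze))
    print("artifacts:", artifact_hits(paths), "hashes:", hash_hits(paths))
```

To run it against a real host, replace the `__main__` samples with `json.load(open("package-lock.json"))`, the text of `pip freeze`, and a walk of `/tmp` and of checkouts under your home directory; a name hit only says the package is present, not which version, so cross-check the version against the authoritative list before acting on it.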
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1199 Trusted Relationship (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1027 Obfuscated Files or Information (uses)
- ttp T1140 Deobfuscate/Decode Files or Information (uses)
- ttp T1105 Ingress Tool Transfer (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1552.005 Unsecured Credentials: Cloud Instance Metadata API (uses)
- ttp T1528 Steal Application Access Token (uses)
- ttp T1606.002 Forge Web Credentials: SAML Tokens (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1567.001 Exfiltration to Code Repository (uses)
- ttp T1098 Account Manipulation (uses)
- ttp T1610 Deploy Container (uses)
- ttp T1546 Event Triggered Execution (uses)
- ttp T1480.001 Execution Guardrails: Environmental Keying (uses)
- ttp T1518.001 Software Discovery: Security Software Discovery (uses)
- ttp Self-Propagation via Trusted Publishing Worm (uses)
- ttp Spoofed User-Agent on GitHub API (uses)
- ttp T1195.002 Compromise Software Supply Chain (uses)
- ttp T1059.006 Command and Scripting Interpreter: Python (uses)
- ttp T1036 Masquerading (uses)
