Supply Chain Attack: 32 Red Hat npm Packages Infected with 'Shai-Hulud' Malware via GitHub Actions Exploit
Cloud security firm Wiz has uncovered a sophisticated software supply chain attack targeting Red Hat. Investigators revealed that 32 malicious npm packages under Red Hat’s official @redhat-cloud-services scope had been compromised and injected with info-stealing malware. Red Hat’s security team has since moved swiftly to unpublish and remove nearly all affected packages from the public npm registry.
The Payload: 'Shai-Hulud' Targets Cloud API Credentials
The embedded malware family has been identified as Shai-Hulud, a notorious strain engineered specifically for credential harvesting. Once an infected npm package is bundled into a developer's project or an enterprise application, the malware activates to scan the local environment, targeting high-value cloud API keys, including access tokens for Google Cloud Platform (GCP) and Microsoft Azure.
The Attack Vector: Compromised Credentials and CI/CD Hijacking
Forensics indicate that the breach originated from a targeted credential compromise rather than an architectural vulnerability within Red Hat's systems:
Account Takeover: The threat actors successfully compromised the personal GitHub account of a Red Hat software engineer.
Workflow Manipulation: Using this unauthorized access, the attackers pushed malicious code changes to a non-main branch within the RedHatInsights repository.
Token Exfiltration: The modified code altered the automated GitHub Actions CI/CD workflows. This maneuver was explicitly designed to trigger a workflow run that scraped and exfiltrated highly sensitive npm automation tokens stored within GitHub's secrets vault.
Malicious Publishing: Armed with these legitimate npm publishing credentials, the attackers bypassed standard code-review protocols and pushed malicious updated versions of the 32 packages directly to the public registry.
Remediation and Mitigation Strategies
While Red Hat has successfully expunged the compromised packages from the npm ecosystem, security firm Wiz warns that the blast radius could still impact downstream environments.
For organizations utilizing Red Hat cloud services components, Wiz urgently recommends a comprehensive security audit covering developer workstations, CI/CD pipelines, and internal source code repositories. As a defensive baseline, DevOps teams are strongly advised to rotate all cloud infrastructure keys and API tokens that may have been exposed during the active breach window.
Currently, many developers are complacent, believing that storing tokens in GitHub Secrets or environment variables is 100% secure. However, this case illustrates that if a hacker can modify a workflow's YAML file (e.g., .github/workflows/build.yml) in a secondary branch, they can immediately instruct a script to echo those secret values or send them to an external server via a simple command like curl as soon as the CI/CD process starts. This is why the current trend is towards implementing Workflow Least Privilege, which limits the access that secondary branches have to the main secrets.
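One way to audit for this exposure, as an added example that is not code from Wiz or Red Hat: the Python script below flags workflow jobs that read secrets without declaring a job-level `environment:`, the GitHub Actions feature that lets a secret be released only to branches the environment's rules allow. The sample workflow and the names `NPM_TOKEN` and `npm-publish` are constructed assumptions.

```python
import re

# Constructed sample workflow: job, secret and environment names are assumptions.
SAMPLE = """\
on: push
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  release:
    runs-on: ubuntu-latest
    environment: npm-publish
    steps:
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
"""
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)")

def indent_of(line):
    return len(line) - len(line.lstrip())

def split_jobs(text):
    """Map each job name to its body lines, using indentation only (no YAML library)."""
    jobs, current, job_indent, in_jobs = {}, None, None, False
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    for line in lines:
        if indent_of(line) == 0:  # top-level key such as on: or jobs:
            in_jobs, current = line.split("#")[0].strip() == "jobs:", None
        elif in_jobs:
            job_indent = job_indent or indent_of(line)
            if indent_of(line) == job_indent:
                current = line.split("#")[0].strip().rstrip(":")
                jobs[current] = []
            elif current is not None:
                jobs[current].append(line)
    return jobs

def audit_workflow(text):
    """Return (job, secrets) for each job that reads secrets without an environment."""
    findings = []
    for name, body in split_jobs(text).items():
        used = sorted(set(SECRET_REF.findall("\n".join(body))) - {"GITHUB_TOKEN"})
        # Job-level keys share the indentation of the job's first body line.
        keys = [l.strip() for l in body if indent_of(l) == indent_of(body[0])]
        if used and not any(k.startswith("environment:") for k in keys):
            findings.append((name, used))
    return findings
```

A flagged job reads a repository or organization secret, which a workflow run triggered from any branch in the repository can obtain. The branch rules of an environment live in repository settings, so a job that passes this check still needs those rules reviewed separately.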
Modern hackers don't directly try to penetrate an organization's thick firewall, but instead choose to target employees' "personal accounts" (e.g., through phishing or stealing session cookies). This is because employees often use overly broad access rights (over-privileged accounts). Once a hacker gains control of a single developer's account, they can use the reputation and credibility of a global brand like Red Hat as a springboard to spread malware to customers worldwide in a flash.
The malware's name, "Shai-Hulud," is derived from the "giant sand worm" of the famous science fiction novel Dune, which burrows underground to devour anything that moves in the sand. The name reflects the malware's behavior of silently lurking beneath the system, waiting to "harvest" crucial cloud API keys the moment code is moved or executed.
Source: Wiz