On June 1, 2026, a highly automated, large-scale supply chain attack targeted Red Hat’s Hybrid Cloud Console JavaScript ecosystem. Over a tight 72-second window (10:54:09 to 10:55:21 UTC), an attacker pushed 32 malicious packages under the @redhat-cloud-services npm scope. The attack injected identical multi-layered obfuscated dropper malware designed to harvest cloud credentials and propagate further via worm-like mechanics. Because the affected components span two distinct GitHub repositories, this incident has been confirmed as a scope-level account credential compromise.
Severity: High

Attack Timeline (UTC, June 1, 2026)
- 10:54:09 – First malicious packages published: tsc-transform-imports, types
- 10:54:09 to 10:55:04 – Remaining 30 packages published in a rapid batch via an automated script
- 10:55:21 – Last malicious package published: rbac-client (942k downloads)
- ~10:56 onward – Legitimate maintainers publish clean N+1 patch versions; malicious versions removed from the npm registry
Attack Details
- Initial access: scope-level npm credential theft
The attacker obtained publish credentials for the entire @redhat-cloud-services namespace, not tied to any individual GitHub repository. The affected packages span two source repositories, confirming credential theft at the npm scope level.
- Execution and persistence: preinstall hook injection via package.json
Two files were modified per package: package.json (adds "preinstall": "node index.js") and index.js (fully replaced with the obfuscated dropper). No other files were touched, which points to surgical, automated tooling.
- Defense evasion: four obfuscation layers
a. ROT-N Caesar cipher: unique rotation value (N) per package; ~4 MB of char codes, visually distinct blobs, same decode engine
b. AES-128-GCM authenticated encryption: two encrypted blobs per package with unique keys, IVs and auth tags; GCM prevents tampering-based extraction
c. Obfuscator.io toolchain (634 KB payload): string array encoding, control flow flattening, identifier mangling
d. Unique SHA-256 per package: individually tailored payloads defeat hash-based deduplication; each package must be analyzed independently
- Bun runtime download (evasion via a legitimate binary): downloads bun v1.3.13 from github.com/oven-sh/bun/releases, a legitimate binary from a legitimate source, which avoids suspicious network traffic. If bun is already present, the download step is skipped.
Payload Capabilities
- Credential harvesting
• AWS: Access key, secret, session token, profiles
• Azure / ARM: Tenant ID, client ID/secret, OIDC token
• Google Cloud: Application default credentials
• HashiCorp Vault: VAULT_TOKEN, VAULT_AUTH_TOKEN
• GitHub: GITHUB_TOKEN, workflow refs
• npm / SSH: ~/.npmrc, ~/.ssh/
- Exfiltration method: a GitHub API client embedded in the payload (githubFetch). The C2 URL is stored under an additional encryption layer on top of the obfuscator.io string table, which prevents static extraction.
- CI/CD targeting: checks GITHUB_REPOSITORY and GITHUB_WORKFLOW_REF; in GitHub Actions environments this triggers a targeted exfiltration path, after which the payload exits quietly.
- Worm propagation: contains a ROT-N encoder and payload generator identical to the dropper's structure. If npm credentials are stolen, it can publish poisoned versions to additional scopes.
Recommendations
- If an npm install or automated build script executed on June 1, 2026, between 10:54 UTC and 10:56 UTC, assume full environment compromise. Revoke and rotate all cloud provider keys (AWS, GCP, Azure), HashiCorp Vault tokens, GitHub pipeline secrets, SSH configurations, and registry tokens immediately.
- Audit all internal repositories for package-lock.json, yarn.lock, or pnpm-lock.yaml files. Force-upgrade any pinned dependencies to the legitimate maintainers' clean N+1 patch versions and ensure the malicious versions are completely purged from dependency trees.
- Configure your repository managers (e.g., JFrog Artifactory, Sonatype Nexus, AWS CodeArtifact) to explicitly block and drop packages matching the 32 unique index.js SHA-256 hashes identified in the incident.
- Monitor for anomalous outbound connections from build agents, particularly HTTP traffic initiated by Node.js processes during npm install.
- Block the IOCs at their respective controls. The full collection is available on VirusTotal: https://www.virustotal.com/gui/collection/b175ce19f0bcfd48181e1141cec4ae8ee60346d96cb98b55ef12558fa6ed6100/iocs
IOCs
| Package | Version | Compromised index.js SHA-256 |
|---|---|---|
| chrome | 2.3.1 | 21b6409a7b84446310daca5409ad6112ac60a1e4bef97736e53fff5f63bfdef4 |
| compliance-client | 4.0.3 | 5c6cb758a3447bc7e0de34406919a933f9351e90ef04ec43f3bbb401e7004e1b |
| config-manager-client | 5.0.4 | 5dabf08e2655c012e478074a2cea2b0d34e286c27265a26f3846fc45e5584501 |
| entitlements-client | 4.0.11 | 2a446171b4b981d98b5af6c5606bd63b1570040334210b6ab0a10901b2606fe5 |
| eslint-config-redhat-cloud-services | 3.2.1 | edd86c0efd776a6bd934fc7b0d4d6da2b256e147cfa83bb0c2814e81d849c427 |
| frontend-components | 7.7.2 | 3f8e522595f32277a0013c7ab0df3ecf336460b56e6b4be9130907f419db3b6d |
| frontend-components-advisor-components | 3.8.2 | d8d170af3de17bb9b217c52aaaffdf9395f35ef015a57ef676e406c121e5e223 |
| frontend-components-config | 6.11.3 | 545a1838c66e1771f58d84a17b3e1841e5eeab91a73f4ccc59c9492450a6d9c0 |
| frontend-components-config-utilities | 4.11.2 | c2a60face766f69f82c972375f35f8ebaa45d6c464176974e631d9a78d6bea0a |
| frontend-components-notifications | 6.9.2 | 080190bffcaafffacca1f0181fc9024aaaa21500ffdc9926fa5b689ba959965d |
| frontend-components-remediations | 4.9.2 | 9b99482b75ee89f0d916f2743deeff381ea727e69c71491822477e67891841ad |
| frontend-components-testing | 1.2.1 | 17c4312b50d69a6f61515edcf71cfaa8271fe2538b942128cfb639d021d042a7 |
| frontend-components-translations | 4.4.1 | e5f73c888f1250a8895680801975cf177e8c690defd4a999e56f6c08ff64deb8 |
| frontend-components-utilities | 7.4.1 | 89f97557200bd26cc8941c9abaadac2d798a89562401016fbb2c757e3092dfdc |
| hcc-feo-mcp | 0.3.1 | c611e49ea46c91013448942c26049741b434cb5dac55fff7c376ca6a4f28580e |
| hcc-kessel-mcp | 0.3.1 | 7cbace2a186cab2c652305b6e33c8eeb10d4a0ec3a0c8b795de012094fa0d845 |
| hcc-pf-mcp | 0.6.1 | c178cafa2b3bcbefbbc283b5ab8fc6143e46650631f72451a44327f146a609c3 |
| host-inventory-client | 5.0.3 | cffc487ee978f7bc06e3856b286940940658884847d38b619a137b8272a75980 |
| insights-client | 4.0.4 | 8d2a09b3727b50f3d035b58bd35b90b504d24dda73a8a24e926a010a58ba5f74 |
| integrations-client | 6.0.4 | 42e165602967c8e1a6fae0113a5179adbe33e18192244fe34b872db09c85e0e6 |
| javascript-clients-shared | 2.0.8 | 09b2301d1589416e0d5fb7a602427a9850dee6713ffa741c0efcfeb1eb4c8952 |
| notifications-client | 6.1.4 | 85b1ed56530bb64d925af4ca50faacd89efb1b63d615238a34adbea9f00e4754 |
| patch-client | 4.0.4 | df1732f5bfec12e066be44dee02ec8a243e4868d38672c1b1d065359dd735a14 |
| quickstarts-client | 4.0.11 | 7b19ffc2f2bfff75989255e5e807d0f62513153de287eba9cc17003c1dcae8a8 |
| rbac-client | 9.0.3 | 94e8488fd033728eee6666550d5a94b0cc1f7b231d4d85d0affecb0615116722 |
| remediations-client | 4.0.4 | 396cac9e457ec54ff6d3f6311cb5cc1da8054d019ce3ffa1de5741506c7a4ea4 |
| rule-components | 4.7.2 | 1a30a9abe20bab121aaa75ed040565af14e6cdfb745609ee0e7b94a2d814fb9c |
| sources-client | 3.0.10 | f961d6897c0ec586cde633e100865b5b1d435cc7c301dbf0f41298ca5b42e17a |
| tsc-transform-imports | 1.2.2 | b390d9f708760b799ee5482e8050ce093219140627fcaec6df8812ac9abb9a9b |
| types | 3.6.1 | b86c5ae9e95bd841a595440faa3eb6317441e746f241ae8fd641ab59ed1d1966 |
| vulnerabilities-client | 2.1.8 | d1999fd543085918dd542322c6455abde3c57a93b8f7ce871b8809c8bb744af7 |
Source:
- https://www.reversinglabs.com/blog/red-hat-cloud-service-npm-packages-backdoored-in-72-seconds