A sophisticated supply chain attack has targeted the AsyncAPI open-source project, resulting in the publication of malicious versions of several popular npm packages. The threat actor compromised the project's GitHub repositories to inject a multi-stage malware loader that deploys the Miasma RAT. The attack is notable for its method: by committing malicious code to a development branch, the attackers abused the project's legitimate CI/CD workflow, powered by GitHub Actions, to automatically publish the poisoned packages. This tactic allowed the malicious packages to be signed with valid provenance attestations, making them appear authentic and difficult to detect. The incident exposes critical security gaps in modern, automated software supply chains.
On July 14, 2026, security researchers identified a coordinated attack against the AsyncAPI ecosystem. The threat actor did not steal npm publishing tokens directly. Instead, they gained write access to the next branch of two official AsyncAPI GitHub repositories. By pushing malicious commits to this branch, they triggered the project's automated release pipeline.
The CI/CD process, believing the code to be legitimate, built and published new versions of the following packages to the npm registry:
@asyncapi/generator@3.3.1@asyncapi/generator-helpers@1.1.1@asyncapi/generator-components@0.7.1@asyncapi/specs@6.11.1The malicious payload was a dropper that executed upon the library being loaded in an application (require or import), not during the npm install phase. This delayed execution is a deliberate evasion technique. The dropper's ultimate goal was to install the Miasma RAT, a cross-platform Remote Access Trojan.
The attack chain demonstrates a deep understanding of modern development practices:
This attack highlights a critical flaw in relying solely on publisher identity verification, like OIDC provenance. While provenance proves who published a package, it cannot prove the integrity of the code within it. If the publisher's build process is compromised, it will simply sign and attest to malicious code.
The impact of this attack is significant and multi-faceted:
@asyncapi/generator@3.3.1@asyncapi/generator-helpers@1.1.1@asyncapi/generator-components@0.7.1@asyncapi/specs@6.11.1Security teams may want to hunt for the following patterns to detect potential compromise:
package-lock.json, yarn.locknodenode processes that spawn unexpected child processes or make unusual network connections, particularly in the context of a CI/CD job.npm install or npm cinpm audit may help, but manual inspection of lock files is recommended.node processes, or the presence of the Miasma RAT.main, release) with branch protection rules, requiring signed commits and multiple reviewers.package-lock.json, yarn.lock) to ensure that builds are reproducible and use specific, vetted package versions. This is a form of Application Configuration Hardening (D3-ACH).While the attacker abused the legitimate signing process, enforcing signed commits on GitHub can help prevent unauthorized code from being introduced to the repository in the first place.
Run CI/CD build processes in isolated, ephemeral environments with restricted network access to limit the potential impact of a compromised dependency.
Use egress filtering to block outbound connections from build agents and developer workstations to any destination not on an explicit allowlist.
Coordinated supply chain attack targeting AsyncAPI is identified.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
CyberNetSec.io uses automation to assist source monitoring, deduplication, observable extraction, and structured intelligence generation. Published analysis follows human-defined editorial standards and adds defensive context including MITRE ATT&CK, D3FEND, STIX, and Sigma where applicable. Read our editorial policy.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.