An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in multiple targets. The attacker, an autonomous bot called hackerbot-claw, used five different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub. The campaign targeted repositories belonging to Microsoft, DataDog, CNCF, and other popular open source projects. The attacks included token theft via poisoned Go scripts, direct script injection, branch name injection, filename injection, and AI prompt injection. The most severe attack resulted in a full repository compromise of Aqua Security's Trivy project. The campaign highlights the growing threat of AI-powered bots targeting software supply chains and the need for automated security controls in CI/CD pipelines.
AI Analysis
Technical Summary
The hackerbot-claw campaign represents a sophisticated, AI-powered automated attack targeting continuous integration and continuous deployment (CI/CD) pipelines, specifically those leveraging GitHub Actions in prominent open source projects. Over approximately one week, the attacker exploited multiple vectors to gain remote code execution capabilities within targeted repositories. The bot utilized five distinct exploitation techniques: (1) token theft through poisoned Go scripts embedded in dependencies, (2) direct injection of malicious scripts into workflows, (3) branch name injection to manipulate pipeline behavior, (4) filename injection to execute arbitrary code, and (5) AI prompt injection to influence automated processes. These methods enabled the attacker to exfiltrate GitHub tokens with write permissions, granting the ability to modify repository contents and potentially inject malicious code or backdoors. The campaign affected repositories from major organizations such as Microsoft, DataDog, and the Cloud Native Computing Foundation (CNCF), with the most critical compromise occurring in Aqua Security’s Trivy project, leading to full repository control. The attack leverages the trust and automation inherent in software supply chains, exploiting the complexity and scale of modern CI/CD pipelines. Indicators of compromise include domains and URLs under hackmoltrepeat.com, which serve as command and control or exfiltration points. The campaign highlights the increasing sophistication of AI-driven threats and the urgent need for enhanced automated security controls, such as rigorous token management, input validation, and anomaly detection within CI/CD environments. Although no CVE identifiers have been assigned and no known exploits in the wild are listed, the threat is real and ongoing.
Potential Impact
This campaign poses significant risks to organizations worldwide that rely on GitHub Actions and open source CI/CD pipelines for software development and deployment. Successful exploitation can lead to unauthorized remote code execution, full repository compromise, and theft of sensitive credentials such as GitHub tokens with write permissions. This enables attackers to inject malicious code, backdoors, or supply chain malware into widely used software projects, potentially affecting downstream users and organizations that consume these packages. The compromise of high-profile projects like Aqua Security’s Trivy could undermine trust in security tools and open source ecosystems. Additionally, the automated nature of the attack, powered by AI, increases the speed and scale at which such threats can propagate, making detection and response more challenging. The campaign also raises concerns about the security of automated workflows and the potential for AI to be weaponized in cyberattacks. Organizations could face reputational damage, intellectual property theft, and operational disruptions if their CI/CD pipelines are compromised.
Mitigation Recommendations
Organizations should implement multi-layered, automated security controls tailored to CI/CD environments to mitigate this threat effectively. Key measures include:
1) Enforce strict least-privilege access for GitHub tokens, using fine-grained personal access tokens or GitHub Apps with minimal scopes, and rotate credentials regularly.
2) Implement rigorous input validation and sanitization for all user-controlled inputs in CI/CD workflows, including branch names, filenames, and script contents, to prevent injection attacks.
3) Use dependency scanning and supply chain security tools to detect poisoned or malicious packages before inclusion in builds.
4) Enable workflow run restrictions such as requiring pull request reviews and limiting workflow triggers to trusted contributors.
5) Monitor CI/CD pipeline logs and network traffic for anomalous behavior or connections to suspicious domains like hackmoltrepeat.com.
6) Employ anomaly detection and behavioral analytics to identify unusual activity indicative of AI-driven automated attacks.
7) Adopt ephemeral or short-lived tokens and avoid storing long-lived secrets in workflows.
8) Regularly audit and update CI/CD configurations and dependencies to patch potential vulnerabilities.
9) Educate developers and DevOps teams about emerging AI-powered threats and secure coding practices in CI/CD contexts.
10) Consider integrating AI-based security tools that can detect and respond to AI-driven attack patterns in real time.
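Measure 2 can be checked mechanically. The following is an added example, not code from the advisory or the affected projects: it scans workflow text for attacker-controlled contexts expanded directly inside run: scripts. The list of contexts, the name find_injections and both sample workflows are assumptions constructed for illustration.

```python
import re

# Attacker-controlled contexts; list is an assumption from GitHub's injection guidance.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\.(?:title|body|head\.ref)"
    r"|github\.event\.(?:issue|comment)\.(?:title|body))\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?(run):\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, context) for untrusted contexts expanded inside run: scripts."""
    findings, run_col = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(line)
        if m:                                   # start of a run: step
            run_col, body = m.start(1), m.group(2)
        elif run_col is not None and (not line.strip() or indent > run_col):
            body = line                         # continuation of the script block
        else:                                   # left the script (env:, next step, ...)
            run_col, body = None, ""
        findings += [(no, e.group(1)) for e in UNTRUSTED.finditer(body)]
    return findings

# Constructed sample: the expression is pasted into the script before the shell runs.
VULNERABLE = """\
on: pull_request_target
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking ${{ github.head_ref }}"
      - run: echo "${{ github.event.pull_request.title }}"
"""

# Constructed sample: the value reaches the script only as a quoted env variable.
HARDENED = """\
on: pull_request
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Checking $BRANCH"
"""

print(find_injections(VULNERABLE), find_injections(HARDENED))
```

The scanner is line-based and does not parse YAML, so treat a clean result as a first pass rather than proof that a workflow is safe.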
Affected Countries
United States, Germany, India, China, United Kingdom, Canada, France, Japan, South Korea, Australia
Indicators of Compromise
- url: http://hackmoltrepeat.com/molt
- url: https://hackmoltrepeat.com/molt
- url: https://hackmoltrepeat.com/moult
- url: https://recv.hackmoltrepeat.com/
- domain: hackmoltrepeat.com
- domain: recv.hackmoltrepeat.com
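For measure 5 of the mitigation list, the sketch below is an added example, not part of the original advisory: it matches hosts found in log lines against the domains listed above on label boundaries, so lookalike names do not raise alerts. The log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains from the indicator list above; matching also covers their subdomains.
IOC_DOMAINS = {"hackmoltrepeat.com", "recv.hackmoltrepeat.com"}

# URL or bare host[:port][/path] anywhere in a log line.
TOKEN = re.compile(r"(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}\.?(?::\d+)?(?:/\S*)?")

def host_of(token):
    """Normalise a URL or host[:port] to a lowercase hostname without trailing dot."""
    parts = urlsplit(token if "://" in token else "//" + token)
    return (parts.hostname or "").rstrip(".").lower()

def is_ioc(host):
    # Label-boundary match: equal to an IoC domain or ending in "." + domain, so
    # nothackmoltrepeat.com and hackmoltrepeat.com.example.net do not match.
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def scan(log_lines):
    """Return (line_no, host) for every reference to an IoC host."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        for tok in TOKEN.findall(line):
            host = host_of(tok)
            if is_ioc(host):
                hits.append((no, host))
    return hits

# Constructed runner egress log lines (hypothetical format).
SAMPLE_LOG = [
    "10:02:11 job=lint GET https://hackmoltrepeat.com/molt",
    "10:02:12 job=lint CONNECT RECV.hackmoltrepeat.com.:443",
    "10:02:13 job=lint GET https://nothackmoltrepeat.com/molt",
    "10:02:14 job=lint dns query hackmoltrepeat.com.example.net",
    "10:02:15 job=lint GET https://api.github.com/repos/o/r",
]

print(scan(SAMPLE_LOG))
```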
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
- Adversary: hackerbot-claw
- Pulse Id: 69a702dbb03c469f3515913a
- Threat Score: null
Threat ID: 69a7109dd1a09e29cb5bd47e
Added to database: 3/3/2026, 4:47:25 PM
Last enriched: 3/3/2026, 5:03:03 PM
Last updated: 3/4/2026, 6:19:33 AM