
KICS GitHub Action Compromised: TeamPCP Supply Chain Attack

Medium
Published: Tue Mar 24 2026 (03/24/2026, 08:49:53 UTC)
Source: AlienVault OTX General

Description

The KICS GitHub Action, an open-source infrastructure as code security scanner by Checkmarx, was compromised by the threat actor TeamPCP on March 23, 2026. Attackers hijacked 35 tags by staging imposter commits and updating tags using a compromised identity, injecting credential-stealing malware. The malware targets cloud provider credentials and installs persistence mechanisms, including Kubernetes-focused code, on non-CI systems. Two OpenVSX extensions were also compromised in this supply chain attack. The malware uses a new command and control (C2) domain and creates fallback repositories to maintain access. Organizations using KICS or the affected OpenVSX extensions are at risk of credential theft and persistent compromise. Security teams should audit workflows, search for exfiltration artifacts, and implement long-term hardening measures to mitigate impact.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/24/2026, 11:16:21 UTC

Technical Analysis

On March 23, 2026, the KICS GitHub Action, a widely used open-source infrastructure as code (IaC) security scanner developed by Checkmarx, was compromised by TeamPCP, a threat group previously linked to the Trivy supply chain attack. Between 12:58 and 16:50 UTC, attackers hijacked 35 tags by staging imposter commits and updating these tags using a compromised identity, effectively injecting malicious code into the software supply chain. The injected malware is designed to steal cloud provider credentials by targeting environment variables and configuration files commonly used in cloud environments. It establishes persistence on non-continuous integration (non-CI) systems by deploying Kubernetes-focused persistence code, enabling attackers to maintain long-term access. The malware communicates with a newly registered command and control (C2) domain and creates fallback repositories to ensure resilience against takedown attempts. Additionally, two OpenVSX extensions were compromised, expanding the attack surface. The attack leverages multiple MITRE ATT&CK techniques including credential dumping (T1552), command execution (T1059.007), persistence (T1542.003), and exfiltration (T1041). Although no CVE or patch links are currently available, the attack highlights the risks of supply chain compromises in open-source ecosystems. Organizations relying on KICS or the affected OpenVSX extensions should conduct thorough audits of their CI/CD workflows, inspect for signs of credential exfiltration, and apply stringent security controls to prevent further exploitation.

Potential Impact

This supply chain attack poses significant risks to organizations globally, especially those using KICS GitHub Action and OpenVSX extensions in their development and deployment pipelines. The theft of cloud provider credentials can lead to unauthorized access to cloud resources, data breaches, and potential lateral movement within cloud environments. Persistent malware with Kubernetes-focused capabilities can disrupt container orchestration, leading to service degradation or denial of service. The compromise of a trusted open-source tool undermines the integrity of infrastructure as code security practices, potentially causing widespread distrust and operational disruptions. Organizations may face financial losses, regulatory penalties, and reputational damage if sensitive cloud assets are exposed or manipulated. The attack also increases the risk of further supply chain compromises as attackers may leverage the foothold to target downstream users. Given the malware’s persistence and stealth, detection and remediation may be challenging, requiring significant incident response efforts.

Mitigation Recommendations

Organizations should immediately audit all workflows that incorporate the KICS GitHub Action and the affected OpenVSX extensions to identify unauthorized changes or suspicious activity. Review Git commit histories and tags for imposter commits and verify the integrity of software components. Search for indicators of compromise such as unusual network connections to the new C2 domain, unexpected repository creations, or Kubernetes persistence artifacts. Rotate all cloud provider credentials and secrets that may have been exposed, and enforce strict least privilege access policies. Implement multi-factor authentication (MFA) and use hardware security modules (HSMs) or vault solutions for secret management. Harden CI/CD pipelines by restricting write access to repository tags and enforcing signed commits. Monitor Kubernetes clusters for anomalous behavior and unauthorized persistence mechanisms. Engage in threat intelligence sharing to stay updated on emerging indicators and remediation strategies. Finally, consider isolating critical infrastructure and conducting comprehensive penetration testing to validate security posture post-incident.
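Two of the steps above (verifying how the action is referenced in workflows and searching for artifacts matching the listed hashes) can be scripted. The following helper is an added example, not code from the OTX pulse or the Wiz report. It assumes workflows live under .github/workflows, that the action is referenced as checkmarx/kics-github-action (an assumed name; pass your own), and that the 40-hex digests in the pulse are SHA-1 and the 64-hex digests SHA-256. The sample workflow and its version tag are constructed.

```python
"""
Audit helper for the KICS GitHub Action incident (added example).

Check 1: every `uses:` of the action that points at a mutable tag or branch
         instead of a full commit SHA. Hijacked tags are how the malicious
         code was delivered, so a tag reference says nothing about what ran.
Check 2: file digests compared against the IoC hash list from the pulse.
"""
import hashlib
import re
from pathlib import Path

# IoC hashes from the pulse; digest type inferred from length (40 hex = SHA-1,
# 64 hex = SHA-256). No descriptions were given in the pulse.
IOC_HASHES = {
    "8e20c7a67bb95632e2040327a355fb97e6014d29",
    "0d66d8c7e02574ff0d3443de0585af19c903d12466d88573ed82ec788655975c",
    "527f795a201a6bc114394c4cfd1c74dce97381989f51a4661aafbc93a4439e90",
    "65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d",
    "744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0",
}

KICS_ACTION = "checkmarx/kics-github-action"  # assumed action name

# Matches `uses: owner/repo@ref`, optionally quoted, optionally a list item.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.MULTILINE
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_action_refs(workflow_text, action=KICS_ACTION):
    """Return [(ref, pinned_by_sha)] for every `uses:` of `action`."""
    refs = []
    for m in USES_RE.finditer(workflow_text):
        name, ref = m.group(1), m.group(2)
        if name.lower() == action.lower():
            refs.append((ref, bool(FULL_SHA_RE.match(ref))))
    return refs


def unpinned_refs(workflow_text, action=KICS_ACTION):
    """Refs that are tags or branches: retagging changes what the job runs."""
    return [ref for ref, pinned in find_action_refs(workflow_text, action) if not pinned]


def digests(data):
    """SHA-1 and SHA-256 hex digests of a byte string."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(data):
    """Subset of IOC_HASHES that `data` hashes to (empty set means no match)."""
    return {h for h in digests(data).values() if h in IOC_HASHES}


def audit_repo(root="."):
    """Walk a checkout: unpinned KICS references per workflow plus IoC hash hits."""
    root = Path(root)
    findings = []
    workflows = list(root.glob(".github/workflows/*.yml")) + list(
        root.glob(".github/workflows/*.yaml")
    )
    for wf in workflows:
        text = wf.read_text(encoding="utf-8", errors="replace")
        for ref in unpinned_refs(text):
            findings.append(f"{wf}: {KICS_ACTION}@{ref} is not pinned to a commit SHA")
    for path in root.rglob("*"):
        if path.is_file():
            hits = matching_iocs(path.read_bytes())
            if hits:
                findings.append(f"{path}: matches IoC hash {sorted(hits)[0]}")
    return findings


# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: iac-scan
on: [push]
jobs:
  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: run KICS (mutable tag)
        uses: checkmarx/kics-github-action@v2.1.3
      - name: run KICS (pinned to a commit)
        uses: "checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for ref in unpinned_refs(SAMPLE_WORKFLOW):
        print(f"unpinned: {KICS_ACTION}@{ref}")
    print("IoC hits for an empty file:", matching_iocs(b""))
```

Run `audit_repo("/path/to/checkout")` against each repository that uses the action; a tag reference in the findings means the job ran whatever the tag pointed to at the time, so the runner logs for the 23 March window should be reviewed and any credentials available to that job rotated. Pinning to a full commit SHA removes the retagging exposure but does not by itself tell you whether an earlier run executed the hijacked code.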


Technical Details

Author: AlienVault
TLP: white
References: https://www.wiz.io/blog/teampcp-attack-kics-github-action
Adversary: TeamPCP
Pulse Id: 69c2503167e63f4927ac8b37
Threat Score: null

Indicators of Compromise

Hash

Type | Value | Description
hash (40 hex, SHA-1) | 8e20c7a67bb95632e2040327a355fb97e6014d29 | (none given)
hash (64 hex, SHA-256) | 0d66d8c7e02574ff0d3443de0585af19c903d12466d88573ed82ec788655975c | (none given)
hash (64 hex, SHA-256) | 527f795a201a6bc114394c4cfd1c74dce97381989f51a4661aafbc93a4439e90 | (none given)
hash (64 hex, SHA-256) | 65bd72fcddaf938cefdf55b3323ad29f649a65d4ddd6aea09afa974dfc7f105d | (none given)
hash (64 hex, SHA-256) | 744c9d61b66bcd2bb5474d9afeee6c00bb7e0cd32535781da188b80eb59383e0 | (none given)

Threat ID: 69c27268f4197a8e3b26b875

Added to database: 3/24/2026, 11:15:52 AM

Last enriched: 3/24/2026, 11:16:21 AM

Last updated: 3/24/2026, 2:08:07 PM

Views: 9
