Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets
A new supply chain attack targeting Trivy has compromised 75 out of 76 version tags in the aquasecurity/trivy-action GitHub repository. The attacker force-pushed these tags to serve malicious payloads, effectively turning trusted version references into a distribution mechanism for an infostealer. The malicious code executes within GitHub Actions runners, targeting sensitive data in CI/CD environments. It harvests secrets from runner process memory and the filesystem, encrypts the collected data, and exfiltrates it to an attacker-controlled endpoint or a fallback GitHub-based channel. The attack's scope is significant, potentially affecting over 10,000 workflow files on GitHub referencing this action.
AI Analysis
Technical Summary
This threat involves a sophisticated supply chain compromise targeting the aquasecurity/trivy-action GitHub repository, a popular GitHub Action used for security scanning in CI/CD pipelines. The attacker force-pushed malicious code to 75 out of 76 version tags, effectively hijacking trusted version references to distribute an infostealer payload. When these compromised tags are used in GitHub Actions workflows, the malicious code executes within the GitHub Actions runner environment. It targets sensitive secrets by harvesting credentials and other confidential data from the runner's process memory and filesystem. The stolen information is then encrypted and exfiltrated either to an attacker-controlled external endpoint or via a fallback channel hosted on GitHub infrastructure. The attack leverages multiple MITRE ATT&CK techniques, including credential dumping (T1555), process injection (T1059.004), and data exfiltration (T1041). The adversary behind this campaign is identified as TeamPCP, known for cloud credential theft. The attack's scale is significant, potentially impacting over 10,000 workflow files that reference the compromised action, thus affecting a broad range of organizations using GitHub Actions for CI/CD. No CVE or patch links are currently available, and no known exploits in the wild have been reported, indicating this is a newly discovered threat. The attack highlights the risks of supply chain compromises in software development pipelines and the critical need for securing CI/CD environments.
Potential Impact
The impact of this threat is substantial for organizations using the aquasecurity/trivy-action in their GitHub Actions workflows. By compromising trusted version tags, attackers can stealthily distribute malware that steals sensitive CI/CD secrets such as API keys, tokens, and credentials stored in environment variables or runner memory. This can lead to unauthorized access to cloud environments, code repositories, and other critical infrastructure. The exfiltrated credentials can facilitate further lateral movement, data breaches, or ransomware attacks. The widespread nature of the compromise means thousands of organizations globally could be affected, especially those relying heavily on GitHub Actions for automation and security scanning. The integrity of the CI/CD pipeline is undermined, potentially allowing attackers to inject malicious code into software builds or deployments. Additionally, the attack erodes trust in open-source actions and highlights the risk of supply chain attacks in modern DevOps practices.
Mitigation Recommendations
Organizations should immediately audit their GitHub Actions workflows to identify usage of the aquasecurity/trivy-action and avoid referencing compromised version tags. Pin workflows to specific, verified commit SHAs rather than mutable tags to prevent automatic pulling of malicious code. Rotate all secrets and tokens used in CI/CD environments that might have been exposed. Implement strict least privilege access for CI/CD secrets and use GitHub's encrypted secrets management features. Monitor GitHub Actions logs for unusual activity or unexpected network connections, especially to suspicious domains like scan.aquasecurtiy.org. Employ runtime security tools to detect anomalous behavior in CI/CD runners. Consider using third-party supply chain security tools to verify the integrity of GitHub Actions and dependencies. Engage with the action's maintainers and community for updates or official patches. Finally, educate developers and DevOps teams about the risks of supply chain attacks and best practices for securing CI/CD pipelines.
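The audit and pinning steps above can be scripted. The following is an added example, not code from this advisory or from the action's maintainers: it lists every `uses:` reference in a workflow that is not pinned to a full 40-character commit SHA and marks references to aquasecurity/trivy-action as urgent. The function names, the sample workflow and the tag `0.0.0-example` are constructed for illustration.

```python
import re
from pathlib import Path

TARGET = "aquasecurity/trivy-action"   # action named in this advisory
FULL_SHA = re.compile(r"[0-9a-f]{40}")
# Matches `uses: owner/repo[/path]@ref` in a step or reusable-workflow call.
USES = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?([\w.-]+/[\w.-]+)(?:/[^@\s"']*)?@([^\s"'#]+)""")

def audit_workflow(text, source="<inline>"):
    """Return a finding for each `uses:` reference not pinned to a full commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue  # local (./) and docker:// references lack the owner/repo@ref form
        action, ref = m.group(1), m.group(2)
        if FULL_SHA.fullmatch(ref.lower()):
            continue  # immutable reference; the SHA itself must still be verified
        findings.append({
            "source": source, "line": lineno, "action": action, "ref": ref,
            "priority": "urgent" if action.lower() == TARGET else "review",
        })
    return findings

def audit_repo(root="."):
    """Audit every workflow file under <root>/.github/workflows."""
    results = []
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        results += audit_workflow(path.read_text(encoding="utf-8"), str(path))
    return results

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy scan
        uses: aquasecurity/trivy-action@0.0.0-example   # mutable tag
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./local-action
"""

if __name__ == "__main__":
    for f in audit_repo(".") or audit_workflow(SAMPLE):
        print(f"{f['priority']:6} {f['source']}:{f['line']} {f['action']}@{f['ref']}")
```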
Affected Countries
United States, Germany, United Kingdom, Canada, France, Japan, Australia, Netherlands, India, South Korea
Indicators of Compromise
- hash: 57a97c7e7821a5776cebc9bb87c984fa69cba8f1
- hash: 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a
- url: https://scan.aquasecurtiy.org
- domain: scan.aquasecurtiy.org
Technical Details
- Author: AlienVault
- TLP: white
- References: https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
- Adversary: TeamPCP
- Pulse Id: 69bd18a7cc27dfdfaf6f56a4
- Threat Score: null
Threat ID: 69bdb74ce32a4fbe5fd0512f
Added to database: 3/20/2026, 9:08:28 PM
Last enriched: 3/20/2026, 9:23:42 PM
Last updated: 3/21/2026, 3:03:27 AM