Full Report
GitHub is an invaluable platform used by app developers to manage workflows, maintain version control and more. But recent attacks using compromised GitHub Actions are a reminder of the importance of practicing supply-chain security.
Analysis Summary
# Tool/Technique: tj-actions/changed-files (CVE-2025-30066)
## Overview
This entry summarizes a major supply-chain attack discovered on March 19, 2025, involving the compromise of a popular third-party GitHub Action named `tj-actions/changed-files`. This Action is intended to detect which files have changed in a pull request or commit. The compromise led to information disclosure of sensitive secrets stored within affected repositories.
## Technical Details
- Type: Supply Chain Compromise / Malicious GitHub Action
- Platform: GitHub Actions (CI/CD environments)
- Capabilities: Information disclosure of secrets stored within GitHub repositories.
- First Seen: March 2025 (Discovery date)
## MITRE ATT&CK Mapping
Inferred mapping based on the action's result (disclosure of secrets):
- TA0006 - Credential Access
- T1003 - OS Credential Dumping (if secrets were available to the running process)
- T1552 - Unsecured Credentials
- T1552.001 - Credentials in Files (if secrets were written to repository files)
## Functionality
### Core Capabilities
- **Information Disclosure:** The primary function of the malicious payload was to disclose sensitive secrets.
- **Affected Repositories:** The compromise affected approximately 23,000 GitHub repositories utilizing this Action.
### Advanced Features
- **Local Exfiltration:** Uniquely, the malicious payload did *not* exfiltrate stolen data to an external Command and Control (C2) server. Instead, it dumped the exposed secrets directly into the compromised repository, making them visible to anyone with access to that repository.
- **Secret Exposure:** Exposed secrets included valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys.
## Indicators of Compromise
- File Hashes: [Not provided for the specific malicious artifact]
- File Names: [Not provided]
- Registry Keys: [N/A]
- Network Indicators: None, as the payload dumped data locally to the repository rather than exfiltrating externally.
- Behavioral Indicators: Execution of a GitHub Action that writes sensitive data into the repository's file system/commit history.
## Associated Threat Actors
- [The threat actor associated with CVE-2025-30066 is not explicitly named in the source; it is characterized only as a supply-chain attacker.]
## Detection Methods
- **Signature-based detection:** Detecting updates to the compromised Action (the vulnerability was patched in **v46.0.1**).
- **Behavioral detection:** Monitoring GitHub Actions workflows for anomalous file write operations within the repository before or after the Action runs, and alerting when otherwise-private credentials appear in repository file contents.
## Mitigation Strategies
- **Configuration Hardening:** Pinning GitHub Actions to a specific, full-length commit SHA rather than using broader references (like branch names or major/minor versions).
- **Auditing:** Auditing the source code of all third-party actions before use.
- **Patching:** Updating all instances using the compromised Action to the patched version (v46.0.1 or newer).
- **General Security:** Verifying all dependencies and resources before use; maintaining a strong security posture.
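
The pinning and patching checks above can be automated over workflow files. The following is an added example, not code from the report or from the affected project: it flags every third-party `uses:` reference that is not a full 40-character commit SHA and marks tags of `tj-actions/changed-files` that resolve below the patched v46.0.1. The sample workflow, its SHA and the `some-org/some-action` name are constructed placeholders.

```python
import re

# "uses: owner/repo[/path]@ref"; local (./...) and docker:// references do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?")
# Patched release as stated on this page.
PATCHED = {"tj-actions/changed-files": (46, 0, 1)}
INF = float("inf")


def resolve_ceiling(ref):
    """Highest version a tag can point at: v45 -> (45, inf, inf); None if not a version."""
    m = VERSION_RE.fullmatch(ref)
    if not m:
        return None
    return tuple(INF if g is None else int(g) for g in m.groups())


def audit_workflow(text):
    """Return (line_no, action, ref, finding) for each action not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or FULL_SHA_RE.fullmatch(m.group(2)):
            continue  # not a third-party reference, or already an immutable pin
        action, ref = m.groups()
        ceiling = resolve_ceiling(ref)
        patched = PATCHED.get(action)
        below = patched is not None and ceiling is not None and ceiling < patched
        findings.append((line_no, action, ref,
                         "unpinned-below-patched" if below else "unpinned"))
    return findings


# Constructed sample workflow; the SHA and the some-org action are placeholders.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@v46.0.1
      - name: local
        uses: ./.github/actions/local
      - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(*finding, sep="\t")
```

A reference pinned to a full SHA is accepted as-is; whether that commit is one you have reviewed still has to be confirmed separately.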
## Related Tools/Techniques
- **Compromised Artifacts/Poisoned Open-Source Artifacts:** Similar attacks noted in August 2024 affecting major cloud providers (Google, Microsoft, AWS) via CI/CD pipeline compromise.
- **Colorama Supply Chain Attack (April 2024):** A separate supply-chain attack exploiting typosquatting and compromised cookies to steal browser data, credentials, and cryptocurrency wallet information.
---
# Tool/Technique: Colorama Malicious Copy (Supply Chain Attack)
## Overview
This refers to a supply-chain attack identified in April 2024 where a tampered-with copy of the legitimate third-party package, Colorama (used by millions of developers), was deployed. The attackers utilized stolen browser cookies, typosquatting, and other means to compromise the package distribution.
## Technical Details
- Type: Malware/Poisoned Package (Supply Chain compromise)
- Platform: Developer environments running packages installed via standard ecosystem managers (e.g., npm, pip).
- Capabilities: Theft of user data from web browsers, account credentials, cryptocurrency wallet theft, and keystroke logging.
- First Seen: April 2024
## MITRE ATT&CK Mapping
- TA0006 - Credential Access
- T1003 - OS Credential Dumping
- T1056 - Input Capture
- T1056.001 - Keylogging
- TA0010 - Exfiltration
- T1041 - Exfiltration Over C2 Channel (Implied, for sending stolen data)
## Functionality
### Core Capabilities
- **Browser Data Theft:** Stealing autofill information, cookies, credit cards, login credentials, and browsing history from multiple web browsers.
- **Cryptocurrency Theft:** Searching for and decrypting Discord tokens to access user accounts, subsequently stealing cryptocurrency wallets.
- **Account Compromise:** Stealing Telegram data and exfiltrating general computer files.
### Advanced Features
- **Token Harvesting:** Specifically targets Discord tokens for account takeover and associated asset theft.
- **Keylogging:** Logs victim keystrokes to harvest sensitive information like passwords and personal messages in real-time.
- **Session Token Harvesting:** Steals Instagram session tokens for account access.
## Indicators of Compromise
- File Hashes: [Not provided]
- File Names: [Not provided]
- Registry Keys: [Not provided]
- Network Indicators: Implied exfiltration channels for stolen data (C2).
- Behavioral Indicators: Keystroke monitoring, unauthorized file access (Telegram, computer files), manipulation of session tokens.
## Associated Threat Actors
- [The threat actor associated with the Colorama compromise is not explicitly named in the source.]
## Detection Methods
- **Behavioral detection:** Monitoring for processes attempting to read browser storage locations, capture keystrokes, or interact with Discord process memory/files.
- **Network monitoring:** Detecting attempted connections to external C2 servers originating from developer build processes, especially those involving tokens or credentials.
## Mitigation Strategies
- **Code Auditing:** Thoroughly reviewing the source code of third-party packages before integrating them.
- **Environment Security:** Limiting the privileges of environments used for building and running code.
- **Use of WAAP:** Employing Web Application and API Protection (WAAP) solutions to detect and remediate post-exploitation behavior.
## Related Tools/Techniques
- **Compromised GitHub Actions:** Similar supply-chain vectors.
- **Dependency Confusion/Typosquatting:** The attack vector used to introduce the tampered package.