Full Report
Researchers disclosed a large-scale software supply chain campaign dubbed “Megalodon,” in which attackers reportedly compromised thousands of GitHub repositories by injecting malicious GitHub Actions workflows designed to exfiltrate secrets and cloud credentials. The campaign ...
Analysis Summary
# Incident Report: Megalodon Supply Chain Campaign
## Executive Summary
The "Megalodon" campaign was a large-scale software supply chain attack that compromised over 5,500 GitHub repositories within a matter of hours. Attackers injected malicious GitHub Actions workflows to exfiltrate highly sensitive CI/CD secrets, cloud credentials, and OIDC tokens. The campaign resulted in the poisoning of several downstream npm packages and demonstrated a high level of automation in exploiting development pipelines.
## Incident Details
- **Discovery Date:** May 2026
- **Incident Date:** May 2026
- **Affected Organization:** 5,500+ GitHub repositories; specific entities include Tiledesk
- **Sector:** Technology / Software Development (Cross-sector impact)
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** May 2026
- **Vector:** Supply Chain Compromise / Credential Theft
- **Details:** Attackers likely utilized previously compromised GitHub Personal Access Tokens (PATs) or deploy keys to gain write access to a vast number of repositories.
### Lateral Movement
- **Details:** Once access was gained to repositories, the attackers moved "horizontally" across the GitHub ecosystem, using automated scripts to commit malicious code at scale across thousands of distinct projects.
### Data Exfiltration/Impact
- **Details:** Malicious workflows exfiltrated CI/CD secrets, cloud provider credentials (AWS/GCP/Azure), SSH keys, Kubernetes configs, and Terraform state files to attacker-controlled servers. This led to the release of poisoned npm packages (e.g., `@tiledesk/tiledesk-server`).
### Detection & Response
- **How it was discovered:** Researchers at SafeDep and Wiz identified the mass injection of suspicious GitHub Actions workflows.
- **Response actions taken:** Community alerts were issued; affected organizations revoked compromised credentials and removed malicious workflow files.
## Attack Methodology
- **Initial Access:** Likely via stolen PATs or deploy keys (potentially sourced from previous Infostealer infections).
- **Persistence:** Injection of `workflow_dispatch` triggers, creating dormant backdoors that could be activated manually by the attacker.
- **Defense Evasion:** Use of forged identities such as "build-bot" and "ci-bot" to mimic legitimate automation; use of Base64-encoded bash payloads.
- **Credential Access:** Automated collection of GitHub Actions secrets and OIDC tokens.
- **Exfiltration:** Direct exfiltration of environment variables and secret files to external command-and-control (C2) infrastructure.
- **Impact:** Supply chain poisoning; unauthorized publication of malicious software versions.
## Impact Assessment
- **Financial:** Significant costs associated with credential rotation, audit, and potential downstream liability for affected SaaS providers.
- **Data Breach:** High volume of cloud credentials and sensitive infrastructure secrets exfiltrated.
- **Operational:** Disruption of CI/CD pipelines and manual intervention required for thousands of repositories.
- **Reputational:** High impact on the trust of the open-source ecosystem and GitHub Actions security.
## Indicators of Compromise
- **File indicators:** `.github/workflows/` containing unrecognized YAML files with Base64 strings.
- **Behavioral indicators:** Commits from "build-bot" or "ci-bot" that were not part of existing repo configurations.
- **Network indicators:** (Defanged examples) Exfiltration to domains such as `api-megalodon[.]com` or specific IP addresses identified in the research reports.
## Response Actions
- **Containment:** Removal of unauthorized workflow files and deletion of the "Megalodon" branch/commits.
- **Eradication:** Revocation of all secrets (AWS keys, npm tokens, etc.) that were present in the environment variables at the time of compromise.
- **Recovery:** Re-publishing known-good versions of npm packages and resetting GitHub PATs.
## Lessons Learned
- **Token Over-Permissioning:** Many compromised accounts likely used PATs with broader scopes than necessary (`repo` vs. specific granular permissions).
- **Visibility Gaps:** Standard monitoring often ignores "bot" commits, which allowed the attackers to hide in plain sight.
- **CI/CD Fragility:** A single compromised credential can lead to the poisoning of the entire software distribution lifecycle.
## Recommendations
- **Implement Fine-Grained PATs:** Move away from classic Personal Access Tokens toward fine-grained tokens with expiration dates and minimal scopes.
- **Require MFA:** Enforce Multi-Factor Authentication (MFA) for all contributors and organization members.
- **Workflow Integrity:** Use OpenID Connect (OIDC) for cloud authentication to avoid storing long-lived secrets in GitHub Actions.
- **Monitor Audit Logs:** Set up alerts for unexpected modifications to `.github/workflows` directories.