Full Report
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI
Analysis Summary
# Incident Report: Megalodon Automated Supply Chain Campaign
## Executive Summary
The Megalodon campaign is a massive, automated supply chain attack that pushed over 5,700 malicious commits to more than 5,500 GitHub repositories within a six-hour window. By forging CI/CD bot identities and injecting malicious GitHub Actions workflows, the attackers successfully exfiltrated a wide array of cloud credentials, secrets, and environment variables. The incident highlights a significant shift toward high-velocity, automated exploitation of the CI/CD pipeline ecosystem.
## Incident Details
- **Discovery Date:** May 22, 2026 (Public disclosure by SafeDep)
- **Incident Date:** May 18, 2026
- **Affected Organization:** 5,561 distinct GitHub repositories (including @tiledesk/tiledesk-server)
- **Sector:** Technology / Software Development / Open Source
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** May 18, 2026, between 11:36 a.m. and 5:48 p.m. UTC.
- **Vector:** Compromised Personal Access Tokens (PATs) or Deploy Keys.
- **Details:** Attackers utilized throwaway GitHub accounts with 8-character random usernames to push malicious commits.
### Lateral Movement
- **Mechanism:** The attack functioned in a worm-like fashion; by compromising one repository and obtaining its `GITHUB_TOKEN`, the attackers could potentially move to other repositories or internal infrastructure accessible via those credentials.
### Data Exfiltration/Impact
- **Details:** Malicious GitHub Actions workflows executed base64-encoded bash payloads. These payloads exfiltrated AWS/GCP/Azure credentials, SSH keys, Terraform tokens, API keys, and OIDC tokens to a remote C2 server.
### Detection & Response
- **Discovery:** Identified by security researchers (SafeDep) through monitoring of anomalous commit patterns and CI/CD workflow modifications.
- **Response Actions:** Public disclosure and notification of impacted projects (e.g., Tiledesk). GitHub typically intervenes by suspending malicious accounts and rotating compromised tokens where possible.
## Attack Methodology
- **Initial Access:** Use of compromised credentials (PATs/Deploy Keys) to push code.
- **Persistence:** Injection of "SysDiag" (runs on every push/PR) or "Optimize-Build" (runs on manual trigger) GitHub Action workflows.
- **Privilege Escalation:** Not explicitly stated, though the theft of high-level cloud tokens provides equivalent administrative access to cloud environments.
- **Defense Evasion:** Forged author identities (e.g., `build-bot`, `auto-ci`) and commit messages mimicking routine maintenance; use of throwaway accounts and base64 encoding.
- **Credential Access:** Theft of environment variables, `.env` files, and secrets from the CI runner.
- **Discovery:** Automated scanning of GitHub for vulnerable or influential repositories.
- **Exfiltration:** Data sent via HTTPS to `216.126.225[.]129:8443`.
- **Impact:** Compromise of the software supply chain, potential for downstream injection into legitimate software packages.
## Impact Assessment
- **Financial:** Potentially high due to the scope of stolen cloud credentials (AWS/GCP/Azure) which allows for unauthorized resource usage or data theft.
- **Data Breach:** High; 5,500+ repositories affected with exfiltration of secrets, source code, and configuration files.
- **Operational:** Disruption of CI/CD pipelines and the need for massive secret rotation efforts across thousands of projects.
- **Reputational:** Significant damage to the perceived security of the open-source ecosystem.
## Indicators of Compromise
- **Network Indicators:** `216.126.225[.]129:8443`
- **File Indicators:** Malicious workflow files containing base64-encoded bash scripts.
- **Behavioral Indicators:** Forged commit authors (`build-bot`, `auto-ci`, `ci-bot`, `pipeline-bot`) and random 8-character account names.
## Response Actions
- **Containment:** Removal of malicious workflow files from affected repositories.
- **Eradication:** Revocation of all secrets and credentials that were present in the CI/CD environment at the time of the compromise.
- **Recovery:** Auditing commit history to ensure no further backdoors were introduced into the source code itself.
## Lessons Learned
- **Credential Security:** PATs and deploy keys remain critical points of failure; strict scoping and expiration policies are necessary.
- **Automation Oversight:** Automated security tools must monitor for unauthorized changes to CI/CD configuration files (`.github/workflows`), not just source code.
- **Identity Forgery:** Git's ability to forge author identities easily allows attackers to blend in with automated system processes.
## Recommendations
- **Implement OIDC:** Move away from long-lived cloud secrets in CI/CD in favor of short-lived OIDC tokens.
- **Workflow Approvals:** Require manual approval for all first-time contributors and monitor modifications to workflow files.
- **Secret Scanning:** Use automated tools to detect if secrets have been leaked or accessed by unauthorized processes.
- **Least Privilege:** Ensure that `GITHUB_TOKEN` permissions are set to the minimum required (e.g., `contents: read`) in workflow files by default.