Full Report
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. [...]
Analysis Summary
# Incident Report: Supply Chain Compromise of Checkmarx KICS
## Executive Summary
The Checkmarx KICS (Keeping Infrastructure as Code Secure) tool suffered a supply chain compromise affecting its Docker images, VS Code, and Open VSX extensions. Attackers injected a malicious "MCP addon" designed to harvest sensitive developer credentials, including AWS keys and GitHub tokens, exfiltrating them to a look-alike domain. The incident was contained within hours, with malicious artifacts removed and affected tags restored.
## Incident Details
- **Discovery Date:** April 22, 2026
- **Incident Date:** April 22, 2026
- **Affected Organization:** Checkmarx (KICS Open Source Project)
- **Sector:** Technology / Software Development / Cybersecurity
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** 2026-04-22 14:17:59 UTC
- **Vector:** Targeted compromise of the `checkmarx/kics` Docker Hub repository and VS Code extension marketplace accounts.
- **Details:** Attackers repointed legitimate Docker tags to malicious digests and uploaded trojanized extensions.
### Lateral Movement
- **Details:** After gaining a foothold in the developer's environment via the malicious tool, the malware sought to propagate by creating public GitHub repositories and scanning for credentials to move into cloud environments (AWS, Azure, GCP).
### Data Exfiltration/Impact
- **Details:** The malware targeted GitHub tokens, cloud credentials (AWS/Azure/GCP), npm tokens, SSH keys, and environment variables. Stolen data was encrypted and exfiltrated to an actor-controlled domain impersonating Checkmarx.
### Detection & Response
- **2026-04-22 15:41:31 UTC:** The malicious Docker tags were identified and restored to legitimate digests.
- **Discovery:** Triggered by an alert from Docker to Socket regarding suspicious image pushes.
- **Response:** Checkmarx revoked exposed credentials, removed malicious artifacts, and published a security bulletin.
## Attack Methodology
- **Initial Access:** Supply Chain Attack (Compromised Docker Hub and Extension Marketplace credentials).
- **Persistence:** Maintaining presence through installed VS Code extensions and malicious Docker images in CI/CD pipelines.
- **Defense Evasion:** Use of a look-alike domain (`audit.checkmarx[.]cx`) to mimic legitimate traffic; multi-staged loading via a hidden "MCP addon."
- **Credential Access:** Automated harvesting of `.env` files, SSH keys, and cloud provider configuration files.
- **Discovery:** Scanning local developer environments for Infrastructure as Code (IaC) secrets.
- **Collection:** Gathering tokens for npm, Claude, and various cloud providers.
- **Exfiltration:** Data sent to actor-controlled infrastructure via HTTPS and via the automatic creation of public GitHub repositories.
- **Impact:** Potential full takeover of cloud environments and secondary supply chain attacks via stolen npm/GitHub tokens.
## Impact Assessment
- **Financial:** Undisclosed; costs associated with incident response and potential breach of cloud resources.
- **Data Breach:** High volume of highly sensitive "crown jewel" secrets (AWS, Azure, SSH keys) from an unknown number of developers.
- **Operational:** Disruption to CI/CD pipelines as teams were forced to revert versions and rotate keys.
- **Reputational:** Significant, given Checkmarx is a security company whose tool is designed to prevent these exact types of leaks.
## Indicators of Compromise
- **Network Indicators:**
- `audit.checkmarx[.]cx`
- `checkmarx[.]cx`
- `91[.]195[.]240[.]123`
- `94[.]154[.]172[.]43`
- **File Indicators:**
- `mcpAddon.js` (Malicious multi-stage component)
- Docker Tag: `v2.1.21` (Malicious/Fake)
- **Behavioral Indicators:**
- Unauthorized creation of public GitHub repositories.
- Outbound connections from KICS tools to non-standard Checkmarx domains.
## Response Actions
- **Containment:** Malicious Docker tags reverted; fake `v2.1.21` tag deleted; compromised extensions removed from stores.
- **Eradication:** Checkmarx revoked internal credentials that may have been compromised during the breach.
- **Recovery:** Released safe versions (DockerHub v2.1.20, VS Code v2.64.0, Developer Assist v1.18.0).
## Lessons Learned
- **Dependency Vulnerability:** Even security tools are susceptible to supply chain attacks.
- **Speed of Attack:** The window of compromise was less than 90 minutes, yet significant data could be harvested in that time.
- **Verification:** Users should not rely solely on "Latest" tags or brand names in marketplaces; SHA pinning is essential.
## Recommendations
- **Pin Tooling:** Use immutable SHAs for Docker images and specific versions for extensions rather than floating tags.
- **Network Egress Filtering:** Block the identified malicious IPs and domains at the enterprise firewall level.
- **Secret Rotation:** Any developer who pulled KICS software between 14:17 and 15:42 UTC on April 22, 2026, must rotate all local secrets and cloud access keys immediately.
- **Audit:** Inspect GitHub accounts for any automatically created or suspicious repositories.