Full Report
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]
Analysis Summary
# Incident Report: Supply Chain Attack on Popular GitHub Action Exposing CI/CD Secrets
## Executive Summary
A supply chain attack compromised the popular GitHub Action, `tj-actions/changed-files`, resulting in the injection of malicious code into CI/CD workflows that utilized it. This code dumped the memory of CI runners, exposing workflow secrets as double-encoded base64 payloads visible in public workflow logs. GitHub contained the incident rapidly by removing the compromised action and restoring the repository, leading to the assignment of CVE-2025-30066.
## Incident Details
- **Discovery Date:** March 15 (Time generally unclear, but GitHub removed the action later that day)
- **Incident Date:** March 14 - March 15, 2025 (Timeframe during which the malicious code was active)
- **Affected Organization:** Multiple software projects utilizing the compromised GitHub Action (`tj-actions/changed-files`).
- **Sector:** Software Development / CI/CD Infrastructure
- **Geography:** Global (Impacted any international user of the public GitHub Action)
## Timeline of Events
### Initial Access
- **Date/Time:** March 14 - March 15 UTC
- **Vector:** Supply Chain compromise targeting a trusted third-party GitHub Action (`tj-actions/changed-files`).
- **Details:** The specific method of compromise for the `PAT` (presumably the repository or publishing mechanism for the Action) is currently unclear. Malicious code was injected into the Action.
### Lateral Movement
- **Details:** Not explicitly described as traditional lateral movement across victim enterprises. The compromise immediately affected any downstream CI/CD pipelines that called the compromised Action, effectively gaining access to the runner environment and its secrets during execution.
### Data Exfiltration/Impact
- **Details:** The malicious code executed within CI runners, dumping the memory content containing workflow secrets. Instead of covert exfiltration, the secrets, obfuscated as a double-encoded base64 payload, were written directly into the publicly accessible workflow logs of repositories using the Action.
### Detection & Response
- **How it was discovered:** Details of the initial discovery are not provided, but the compromise was recognized by March 15.
- **Response actions taken:**
- **March 15, 2:00 PM UTC:** GitHub removed the compromised action.
- **March 15, 10:00 PM UTC:** The repository was restored, and the malicious code was removed.
- Guidance was issued to users regarding remediation steps.
## Attack Methodology
- **Initial Access:** Supply Chain compromise of a widely used third-party GitHub Action.
- **Persistence:** Persistence mechanisms within the CI runner environment until the workflow completed or the action was removed by GitHub.
- **Privilege Escalation:** Gaining access to the CI runner environment inherently granted access to the secrets/tokens available to that specific workflow execution context.
- **Defense Evasion:** The payload was allegedly "obfuscated as a double-encoded base64 payload" within the visible logs, which might have helped delay manual detection.
- **Credential Access:** Dumping the memory of the CI runner, which contained workflow secrets.
- **Discovery:** Not explicitly detailed, but likely reconnaissance on stored environment variables/secrets within the execution context.
- **Lateral Movement:** N/A (Targeted runner environments directly).
- **Collection:** Dumping CI runner memory containing secrets.
- **Exfiltration:** Writing obfuscated secrets directly to public workflow logs, relying on the visibility of the logs for "exfiltration" rather than covert remote transfer.
- **Impact:** Exposure of CI/CD secrets to the public internet.
## Impact Assessment
- **Financial:** Not disclosed.
- **Data Breach:** Exposure of sensitive CI/CD secrets (API keys, credentials, tokens) used during the build/deployment processes for impacted projects. The volume depends on the number of workflows executed while the malicious code was active (March 14-15).
- **Operational:** Minimal direct operational disruption to the underlying infrastructure, but significant potential for secondary impact if exposed secrets are leveraged by adversaries.
- **Reputational:** Negative impact on the trust associated with using community-contributed GitHub Actions.
## Indicators of Compromise
- **Network indicators:** None definitively listed (suggests no external C2 connection was made).
- **File indicators:** Malicious code injected into the `tj-actions/changed-files` action logic across various versions used between March 14 and March 15.
- **Behavioral indicators:** Unexpected output visible in public workflow logs under the `'changed-files'` section formatted as a double-encoded base64 payload.
## Response Actions
- **Containment measures:** GitHub immediately removed the compromised action from the marketplace/registry.
- **Eradication steps:** The malicious code was removed from the restored repository.
- **Recovery actions:** Impacted users were instructed to:
1. Rotate any secrets used during the attack's timeframe (March 14-15).
2. Review workflows for unexpected output under the 'changed-files' section.
3. Update workflows referencing the compromised commit SHA to use a stable version.
4. Immediately switch to using specific, tagged versions (e.g., v35, v44.5.1) instead of potentially mutable references.
## Lessons Learned
- Relying on mutable version tags (or master commits) for third-party actions introduces significant supply chain risk, as demonstrated when the live code was altered.
- Third-party dependency security requires constant vigilance, even for widely used tools.
- The method of "exfiltration" via public logging demonstrates creative ways attackers can exploit visibility within CI/CD systems.
## Recommendations
- Pin all imported GitHub Actions to specific resolved commit SHAs instead of version tags (as recommended by GitHub).
- Implement GitHub Actions allow-listing functionality to restrict workflows to using only trusted, audited Actions.
- Immediately conduct a secret rotation audit for any environment that executed code via the potentially compromised Action between March 14 and March 15.
- Establish processes to monitor CI/CD workflow logs for unusual output formats or large amounts of encoded data, even if direct remote exfiltration is absent.