Full Report
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security
Analysis Summary
# Incident Report: TeamPCP Supply Chain Compromise of Checkmarx GitHub Actions
## Executive Summary
The threat actor TeamPCP compromised two widely used GitHub Actions maintained by Checkmarx (*ast-github-action* and *kics-github-action*) to deploy a sophisticated credential stealer. The attack utilized credentials stolen from a previous breach of Aqua Security’s Trivy tool, demonstrating a cascading supply chain infection. The primary goal was the automated harvesting of cloud, CI/CD, and development-related secrets for further exploitation.
## Incident Details
- **Discovery Date:** Approximately March 23, 2026
- **Incident Date:** Beginning March 19, 2026 (linked to Trivy breach)
- **Affected Organization:** Checkmarx
- **Sector:** Cybersecurity / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** March 2026
- **Vector:** Stolen CI/CD Credentials
- **Details:** Attackers compromised the "cx-plugins-releases" service account. It is highly probable these credentials were harvested from the preceding Trivy action compromise (CVE-2026-33634).
### Lateral Movement
- **Mechanism:** Using stolen GitHub Personal Access Tokens (PATs) and service account secrets to move from one vendor's repository (Aqua Security) to another (Checkmarx).
- **Expansion:** Publication of trojanized Open VSX extensions (*ast-results* v2.53.0 and *cx-dev-assist* v1.7.0) to broaden the infection surface.
### Data Exfiltration/Impact
- **Data Targeted:** SSH keys, AWS/Azure/GCP credentials, Kubernetes/Docker configs, .env files, Git secrets, and Slack/Discord webhooks.
- **Staging:** Stolen data was packed into encrypted archives named `tpcp.tar.gz`.
- **Secondary Method:** If primary exfiltration failed, the malware created a hidden backup repository named `docs-tpcp` in the victim's GitHub account to stage data.
### Detection & Response
- **Detection:** Identified by security firms Sysdig and Wiz through behavioral analysis of CI/CD logs and monitoring of the previous Trivy incident.
- **Response:** Attribution to TeamPCP based on identical payloads, encryption schemes, and exfiltration infrastructure. Dissemination of indicators to the security community.
## Attack Methodology
- **Initial Access:** Valid CI/CD service account credentials.
- **Persistence:** Force-pushing malicious tags to official GitHub Action repositories and publishing trojanized IDE extensions.
- **Privilege Escalation:** Harvesting `GITHUB_TOKEN` from runner memory to perform actions with the permissions of the compromised workflow.
- **Defense Evasion:** Typosquatting exfiltration domains (e.g., `checkmarx[.]zone`) to mimic legitimate vendor traffic in logs.
- **Credential Access:** Automated scanning of CI runner memory and environment variables.
- **Discovery:** Checking for the presence of CLI tools (npx, bunx, yarn) and cloud provider configurations.
- **Lateral Movement:** Using secrets from one compromised supply chain partner to attack another.
- **Collection:** Creation of encrypted `tpcp.tar.gz` archives containing harvested secrets.
- **Exfiltration:** HTTPS POST requests to actor-controlled infrastructure and secondary staging via GitHub repositories.
- **Impact:** Compromise of the software supply chain, potentially affecting any user of the poisoned Checkmarx actions.
## Impact Assessment
- **Financial:** Undisclosed, but involves significant remediation and incident response costs.
- **Data Breach:** High-volume theft of sensitive "keys to the kingdom" (Cloud and CI/CD secrets).
- **Operational:** Disruption to Checkmarx deployment pipelines and forced manual audits for all downstream users.
- **Reputational:** High impact; Checkmarx is a security vendor, and the breach follows a similar high-profile incident with Aqua Security.
## Indicators of Compromise
- **Network Indicators:**
- `checkmarx[.]zone`
- `83.142.209[.]11`
- **File Indicators:**
- `setup.sh` (malicious payload)
- `tpcp.tar.gz` (encrypted archive)
- **Behavioral Indicators:**
- Force-pushing of tags to GitHub repositories.
- Automated creation of repositories named `docs-tpcp` or `tpcp-docs`.
- Unusual `curl` or `npx` execution within CI/CD runners directed at non-standard domains.
## Response Actions
- **Containment:** Revocation of the compromised `cx-plugins-releases` service account.
- **Eradication:** Removal of malicious tags and commits from GitHub repositories; removal of trojanized versions from Open VSX.
- **Recovery:** Analysis of logs to identify if any customer data was accessed via the stolen secrets.
## Lessons Learned
- **The Domino Effect:** Supply chain attacks are no longer isolated; a breach in one trusted tool (Trivy) can provide the credentials necessary to breach another (Checkmarx).
- **Scanner Limitations:** Traditional code review and static analysis failed because the malicious code was injected into "trusted" actions at the source level.
- **Token Security:** Long-lived PATs and service account secrets remain a primary point of failure in CI/CD security.
## Recommendations
1. **Pin Actions to SHAs:** Always pin GitHub Actions to a specific commit SHA rather than a mutable tag (e.g., `v1`).
2. **Limit Token Scope:** Utilize the principle of least privilege for `GITHUB_TOKEN` and PAT permissions (read-only where possible).
3. **Monitor CI Outbound Traffic:** Implement network egress filtering or monitoring for CI/CD runners to detect connections to unauthorized domains.
4. **Secret Rotation:** Implement aggressive rotation policies for any secrets used within CI/CD environments.