Full Report
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains. The post Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files appeared first on Unit 42.
Analysis Summary
# Incident Report: Compromise of GitHub Actions for Software Supply Chain Exposure
## Executive Summary
A sophisticated software supply chain attack involved the compromise of the widely used GitHub action `tj-actions/changed-files` and several actions within the `reviewdog` organization. Attackers injected malicious code via modified official release tags, leveraging a leaked Personal Access Token (PAT) to steal CI/CD secrets by dumping runner memory into public workflow logs. This highlights severe risks associated with dependency vetting and repository security controls in CI/CD pipelines.
## Incident Details
- Discovery Date: March 14, 2025
- Incident Date: Began prior to March 14, 2025 (exact start unknown)
- Affected Organization: tj-actions maintainers; reviewdog organization maintainers; over 23,000 consuming repositories.
- Sector: Technology/Software Development (CI/CD Ecosystem)
- Geography: Global (GitHub platform)
## Timeline of Events
### Initial Access
- Date/Time: Before March 14, 2025
- Vector: Compromised GitHub Personal Access Token (PAT) linked to the `@tj-actions-bot` account.
- Details: The PAT was used to push a malicious commit associated with a tampered release tag in the `tj-actions/changed-files` repository. The compromise may have originated from an attack on the `reviewdog/action-setup` action, suggesting a multi-stage dependency compromise.
### Lateral Movement
- Attackers used the compromised PAT to modify tagged releases across multiple actions, including `tj-actions/changed-files` and `tj-actions/eslint-changed-files`, and several `reviewdog` organization actions. This modification allowed them to target consumers of these actions indirectly.
### Data Exfiltration/Impact
- The injected malicious payload (a Python script) executed on CI/CD runners, dumping environment variables and sensitive secrets from the runner's memory directly into the public workflow logs. This exposed sensitive credentials to the attackers.
### Detection & Response
- **Detection:** First identified on March 14, 2025, by security researchers (StepSecurity).
- **Response:** Researchers reported the incident to maintainers. Affected users were advised to identify usage, review logs, and rotate secrets immediately.
## Attack Methodology
- **Initial Access:** Compromise of a GitHub PAT (`@tj-actions-bot`), potentially leveraging prior compromise of the `reviewdog` organization actions.
- **Persistence:** Not explicitly detailed; in effect, persistence was achieved by modifying historical *tagged releases* to point to the malicious commit, so that subsequent workflow runs using those specific versions remained compromised.
- **Privilege Escalation:** N/A (The attack utilized existing permissions granted to the compromised bot account).
- **Defense Evasion:** Attackers impersonated a legitimate user account (`renovate[bot]`) when pushing the malicious commit to disguise the change.
- **Credential Access:** Execution of a Python script on the runner to read and dump CI/CD secrets from the runner's memory.
- **Discovery:** N/A (Direct injection rather than external reconnaissance).
- **Lateral Movement:** Compromising dependent/downstream actions (`reviewdog` actions) appears to have been part of the broader supply chain exploitation.
- **Collection:** Dumping CI/CD runner memory contents.
- **Exfiltration:** Secrets were exfiltrated by being written to publicly accessible GitHub Actions workflow logs.
- **Impact:** Unauthorized disclosure of sensitive secrets/environment variables used in automated pipelines.
## Impact Assessment
- **Financial:** Not explicitly disclosed, but significant remediation costs for affected organizations are implied.
- **Data Breach:** Sensitive CI/CD secrets (including long-term cloud provider credentials if present) were leaked.
- **Operational:** Disruption for all 23,000+ repositories using the affected action, requiring manual auditing and secret rotation.
- **Reputational:** Damage to trust in third-party GitHub actions and the software supply chain ecosystem.
## Indicators of Compromise
- **Network indicators:** (Not provided/applicable as data was posted to GitHub logs)
- **File indicators:** Malicious Python script executed on the runner. SHA1 hash of the malicious commit: `0e58ed8671d6b60d0890c21b07f8835ace038e67`.
- **Behavioral indicators:** Suspicious activity detected originating from the `tj-actions/changed-files` action; secrets appearing in public workflow logs.
## Response Actions
- **Containment measures:** Immediate identification of affected repositories and analysis of workflow logs.
- **Eradication steps:** Rotation of all potentially compromised secrets across consuming repositories.
- **Recovery actions:** Community outreach and advisories regarding the use of the compromised actions.
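
The "identify usage" step can be automated over a repository's workflow files. The following Python script is an added example, not code from the original report or from the affected projects. It lists every third-party `uses:` reference and flags the actions named in this report, references by tag or branch (which resolve to whatever commit the ref currently points at, unlike a full 40-character commit SHA), and references to the malicious commit listed under Indicators of Compromise. The function names, the sample workflow, its `v1` tags and the all-1s SHA are constructed for illustration.

```python
import re

# Named in this report; all of reviewdog/ is in scope ("several" actions, unlisted).
AFFECTED_ACTIONS = ("tj-actions/changed-files", "tj-actions/eslint-changed-files")
AFFECTED_ORG_PREFIX = "reviewdog/"
# SHA1 of the malicious commit, from the report's indicators section.
MALICIOUS_SHA = "0e58ed8671d6b60d0890c21b07f8835ace038e67"

USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

def is_affected(action):
    a = action.lower()
    return a.startswith(AFFECTED_ORG_PREFIX) or any(
        a == name or a.startswith(name + "/") for name in AFFECTED_ACTIONS)

def audit_workflow(text):
    """Return one finding per third-party `uses:` reference in a workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # not a step reference, or a local/container action
        action, _, ref = m.group(1).partition("@")
        findings.append({
            "line": lineno, "action": action, "ref": ref,
            "affected": is_affected(action),
            # A tag or branch can be repointed; a full commit SHA cannot.
            "mutable_ref": not FULL_SHA_RE.fullmatch(ref),
            "malicious_commit": ref.lower() == MALICIOUS_SHA,
        })
    return findings

# Constructed sample workflow (the v1 tags and the all-1s SHA are made up).
SAMPLE = """\
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@1111111111111111111111111111111111111111
      - uses: tj-actions/changed-files@v1
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local
      - uses: tj-actions/changed-files@0e58ed8671d6b60d0890c21b07f8835ace038e67
"""
if __name__ == "__main__":
    for f in audit_workflow(SAMPLE):
        print(f)
```

A finding with `affected` set means the workflow's past run logs need review and its secrets need rotation, as described above; a SHA pin is only as good as the commit it names, which is why the malicious commit is checked separately.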
## Lessons Learned
- **Third-party dependency risk:** Direct reliance on external, unvetted GitHub actions introduces severe software supply chain risk.
- **Repository Security Gaps:** The lack of security controls (e.g., branch/tag protection rules, required signed commits) in the target repository allowed the malicious modification to persist via official tags.
- **Excessive Token Permissions:** Use of the default, highly permissive `GITHUB_TOKEN` scope increases the blast radius of any secret leakage.
- **Insecure Cloud Credential Storage:** Reliance on long-term secrets for cloud provider access increases the impact of credential theft, because such credentials remain valid indefinitely after they leak.
## Recommendations
- Implement mandatory branch and tag protection rules on all critical repositories.
- Move away from long-term cloud credentials toward short-lived access tokens using OpenID Connect (OIDC) for cloud provider authentication within GitHub Actions.
- Review the permissions granted to the `GITHUB_TOKEN` for all workflows, adhering to the principle of least privilege.
- Implement continuous monitoring and runtime security tools to detect unauthorized memory dumping or suspicious script execution within CI/CD runners.