GitHub Supply Chain Chaos: When One Attack Just Isn’t Enough!
GitHub supply chain attack spills secrets from 23,000 projects. Researchers suspect a compromise of reviewdog/action-setup on March 11 led to the theft of a personal access token (PAT) used in tj-actions/changed-files. The attack was executed with surgical precision, suggesting a high-value target. Audit your CI/CD secrets and rotate any that may have been exposed.

Hot Take:
GitHub’s supply chain attack saga is the gift that keeps on giving, like a really bad sequel no one asked for. This time, it’s a case of “who compromised whom first” in the battle of the GitHub Actions. Looks like the cybercriminals are playing a game of dominoes, and unfortunately, reviewdog and tj-actions were the first to fall. Who knew GitHub Actions could be so… action-packed?
Key Points:
- Wiz researchers suspect reviewdog/action-setup was the initial point of compromise in the GitHub supply chain attack.
- The attack on reviewdog may have led to the compromise of tj-actions/changed-files, affecting over 23,000 projects.
- Malicious code injected into reviewdog/action-setup leaked CI/CD secrets, including the PAT for tj-actions.
- The attacker stealthily reverted changes in reviewdog to cover their tracks.
- Security experts advise users to rotate exposed secrets and consider alternative actions.
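A practical first step when triaging this incident is to find out whether any workflow in your repositories references either of the two actions named above, and whether those references are pinned to an immutable commit SHA or to a mutable tag that an attacker can repoint. The script below is an added example written for this page; it is not code from the article, from Wiz, or from the tj-actions or reviewdog projects. It scans workflow text with a plain regular expression (no YAML library needed), and the sample workflow, the `AFFECTED_ACTIONS` list, and the 40-character hex value used as a stand-in for a real commit SHA are all constructed for illustration.

```python
import re

# Repositories named in the report. That these two are the ones to audit is
# this example's assumption; extend the set as further advisories arrive.
AFFECTED_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}

# Matches "uses: owner/repo[/path]@ref" (with or without a leading list dash).
# Local actions ("uses: ./x") and docker:// references have no "@ref" and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.MULTILINE
)
# A full 40-hex commit SHA is immutable; a tag or branch name is not.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
        id: changed
      - name: lint
        uses: reviewdog/action-setup@v1
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # illustrative SHA
"""


def audit_workflow(text):
    """Return one finding per 'uses:' reference in a workflow file.

    Each finding records the action path, its owner/repo, the ref, whether the
    ref is a full commit SHA, and whether the repo is on the affected list.
    """
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        # "owner/repo/subdir@ref" still resolves to the owner/repo repository.
        repo = "/".join(action.split("/")[:2])
        findings.append(
            {
                "action": action,
                "repo": repo,
                "ref": ref,
                "pinned_to_sha": bool(FULL_SHA_RE.match(ref)),
                "affected": repo in AFFECTED_ACTIONS,
            }
        )
    return findings


def flag_risky(findings):
    """Keep findings that need attention.

    Any reference to an affected action is flagged regardless of pinning, since
    secrets that ran alongside it may already be exposed. Any other action
    referenced by a mutable tag is flagged because the same tag-repointing
    technique would work against it.
    """
    return [f for f in findings if f["affected"] or not f["pinned_to_sha"]]


if __name__ == "__main__":
    for finding in flag_risky(audit_workflow(SAMPLE_WORKFLOW)):
        reason = "affected action" if finding["affected"] else "mutable ref"
        print(f"{finding['action']}@{finding['ref']}: {reason}")
```

Run it over every file under `.github/workflows/` in each repository you own; a hit on an affected action means the secrets available to that workflow run (repository secrets, `GITHUB_TOKEN`, cloud OIDC-derived credentials) should be treated as exposed and rotated, while tag-pinned references to other actions are candidates for replacing the tag with a full commit SHA.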
