Attack Chain

1. Initial compromise of a developer’s machine or CI/CD environment via an unspecified initial access vector.
2. Deployment of an infostealer binary onto the compromised system.
3. The infostealer scans the local file system for .env files containing sensitive credentials.
4. The infostealer targets CI/CD environment variables to extract API keys, tokens, and other secrets.
5. The infostealer searches for cloud tokens, potentially targeting AWS credentials, Azure service principals, or GCP service account keys.
6. Extracted credentials are used to gain unauthorized access to GitHub accounts and CI/CD pipelines.
7. Attackers inject malicious code or dependencies into the targeted projects, potentially leading to supply chain contamination.
8. Compromised code is distributed to downstream users of Trivy, KICS, LiteLLM, and other impacted projects.

Impact

The TeamPCP supply chain attack has impacted multiple companies and projects, including Trivy, KICS, and LiteLLM. The compromise of CI/CD pipelines and GitHub accounts allows attackers to inject malicious code into software projects, potentially affecting thousands of users. This can lead to data breaches, malware infections, and erosion of trust in the affected software. The exact number of victims is unknown, but the impact is significant due to the widespread use of the compromised projects in the cloud security and development sectors.

Recommendation

• Implement multi-factor authentication (MFA) on all GitHub accounts and CI/CD pipelines to prevent unauthorized access.
• Rotate API keys and tokens regularly, especially those used in CI/CD environments, to minimize the impact of credential theft.
• Implement secrets scanning in CI/CD pipelines to prevent accidental exposure of sensitive information in code repositories.
• Deploy the Sigma rule “Detect Infostealer Activity in CI/CD Environments” to identify suspicious processes accessing environment variables.
• Monitor file system access for unusual reads of .env files, using the “Detect .env File Access” Sigma rule.
• Implement network monitoring to detect anomalous connections originating from CI/CD servers or developer workstations.

Attack Chain

Due to the limited information, the attack chain below is based on a typical supply chain compromise scenario:

1. TeamPCP gains unauthorized access to the KICS GitHub Action repository or its build process.
2. The attacker injects malicious code into the KICS GitHub Action. This code could be designed to exfiltrate sensitive information, modify infrastructure configurations, or establish a backdoor.
3. A new version of the KICS GitHub Action, containing the malicious code, is released and made available on the GitHub Marketplace.
4. Organizations using the KICS GitHub Action automatically update to the compromised version through their CI/CD pipelines.
5. The malicious code executes within the CI/CD environments of victim organizations, potentially gaining access to environment variables, secrets, and other sensitive data.
6. The malicious code exfiltrates collected data to attacker-controlled infrastructure.
7. The attacker uses the exfiltrated data to further compromise the victim’s infrastructure or gain unauthorized access to their systems.

Impact

The compromise of the KICS GitHub Action represents a significant supply chain risk. Organizations utilizing the compromised action in their CI/CD pipelines could have experienced exfiltration of sensitive data, including API keys, credentials, and infrastructure configurations. Successful exploitation could lead to unauthorized access to cloud resources, data breaches, and disruption of services. While the exact number of affected organizations remains unclear, the widespread use of KICS suggests a potentially large impact.

Recommendation

• Investigate CI/CD pipeline logs for usage of the compromised KICS GitHub Action version (refer to Overview).
• Audit GitHub Action dependencies in CI/CD pipelines to identify and remove any unauthorized or suspicious actions (refer to Overview).
• Monitor network traffic originating from CI/CD environments for connections to unusual or malicious destinations (based on potential exfiltration in Attack Chain).
• Implement stricter access controls and monitoring for GitHub Action repositories and build processes to prevent future supply chain attacks (refer to Overview).
• Deploy the Sigma rule detecting suspicious script execution within GitHub Action workflows to identify potential malicious activity (see rule below).

Attack Chain

1. The attacker compromises the GitHub repository or account with permissions to manage tags for the Trivy Security Scanner GitHub Actions.
2. The attacker creates or modifies existing tags (75 in this case) to point to malicious code repositories.
3. Users unknowingly include the compromised tags in their GitHub Actions workflows, triggering the malicious code during CI/CD pipeline execution.
4. The malicious code executes within the user’s CI/CD environment, gaining access to environment variables and secrets.
5. The attacker’s code exfiltrates the stolen CI/CD secrets to an external server controlled by the attacker.
6. The attacker uses the stolen secrets to gain unauthorized access to victim’s systems, cloud resources, or code repositories.
7. The attacker may further compromise the victim’s infrastructure, inject malicious code into software builds, or steal sensitive data.

Impact

This attack has the potential to impact a wide range of organizations that rely on the Trivy Security Scanner GitHub Actions in their CI/CD pipelines. The successful theft of CI/CD secrets can lead to significant data breaches, supply chain compromise, and unauthorized access to critical infrastructure. The scope of impact depends on the number of users affected by the compromised tags and the sensitivity of the secrets stored within their CI/CD environments. The incident could result in financial losses, reputational damage, and legal liabilities for affected organizations.

Recommendation

• Review GitHub Actions workflows for use of the compromised Trivy Security Scanner tags (reference: Overview).
• Implement stricter access controls and multi-factor authentication for GitHub accounts with permissions to manage tags (reference: Attack Chain).
• Deploy the Sigma rule to detect suspicious script execution within GitHub Actions workflows (reference: rules).
• Monitor network traffic for unusual outbound connections originating from CI/CD environments, indicative of secret exfiltration (reference: rules).
• Implement secrets scanning tools to detect exposed credentials and API keys within code repositories and CI/CD environments (reference: Attack Chain).