Application security firm Checkmarx confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository after gaining credentials via a Trivy supply-chain attack linked to TeamPCP. The attackers published malicious Docker images and VSCode/Open VSX extensions for the KICS scanner that exfiltrated credentials, keys, tokens, and config files, and Checkmarx says the repository is blocked while a forensic investigation continues. #LAPSUS #Checkmarx
Key points
- LAPSUS$ published data stolen from Checkmarx's private GitHub repository.
- Checkmarx attributes initial access to a Trivy supply-chain attack tied to TeamPCP that exposed downstream credentials.
- Attackers pushed malicious Docker images and VSCode/Open VSX extensions for the KICS security scanner to harvest secrets.
- Checkmarx states the leaked GitHub data does not contain customer information and has blocked repository access pending investigation.
- BleepingComputer reports a 96GB data pack is available on clearnet, and Checkmarx expects to provide more details within 24 hours.