A large-scale supply chain attack involving malicious GitHub Action workflows has compromised hundreds of repositories and leaked over 3,300 secrets, including credentials for AWS, DockerHub, and NPM. The campaign, dubbed GhostAction, targeted numerous developers and companies, exploiting stolen secrets across repositories in various programming languages.
Key points
- The attack targeted 327 GitHub users and 817 repositories through malicious workflows.
- Over 3,300 secrets, including tokens for DockerHub, GitHub, NPM, and cloud services, were leaked.
- The compromised workflows were used to harvest and exploit stolen secrets for malicious purposes.
- Many impacted repositories quickly reverted malicious changes, and security teams have been alerted.
- Monitoring continues for potential malicious activity in other package registries.
Read More: https://www.securityweek.com/github-workflows-attack-affects-hundreds-of-repos-thousands-of-secrets/