What is a GitHub Action supply chain attack?

It is an attack where a malicious actor compromises a popular, third-party GitHub Action that other developers use in their CI/CD pipelines. By injecting malicious code into the action, the attacker can execute it within the context of every user's workflow, allowing them to steal secrets, tamper with code, or compromise build artifacts.

I use the Checkmarx ast-github-action or kics-github-action. What should I do right now?

First, audit your workflow logs to determine if you ran a compromised version. Second, immediately rotate all secrets, API keys, and credentials used in those workflows. Third, update your workflow files to pin the action to a specific, verified commit hash (SHA) instead of a version tag to prevent automatic updates to potentially malicious versions.

How can I better secure my own organization's GitHub Actions?

Follow the principle of least privilege by scoping down token permissions in your workflows. Use OpenID Connect (OIDC) for cloud authentication to avoid storing long-lived secrets. Pin all third-party actions to specific commit hashes. Regularly audit workflow logs and implement automated secret scanning in your repositories.

Who is the threat actor TeamPCP?

Based on current intelligence, TeamPCP is a sophisticated cybercriminal group specializing in 'cloud-native' attacks. They focus on compromising CI/CD pipelines and software supply chains. They were previously associated with an attack on the ecosystem around the open-source scanner Trivy and appear to target development infrastructure to steal credentials and gain widespread access.

TeamPCP hacks Checkmarx GitHub Actions using stolen CI credentials

Introduction: The supply chain strikes back, at a security vendor

In a deeply concerning development for the software supply chain, the cloud-native threat actor known as TeamPCP has successfully compromised two popular GitHub Actions maintained by cybersecurity firm Checkmarx. By leveraging stolen CI/CD credentials, the attackers modified the workflows to exfiltrate secrets from organizations that used them, creating a significant downstream security risk. The incident is a stark reminder that even the tools designed to protect us can become vectors for attack.

The compromised actions, checkmarx/ast-github-action and checkmarx/kics-github-action, are used by developers to integrate Checkmarx's application security testing (AST) and infrastructure-as-code (IaC) scanning directly into their development pipelines. This attack follows a pattern of behavior from TeamPCP, who were previously linked to a similar supply chain attack targeting users of the open-source Trivy scanner, according to initial reports (The Hacker News, 2026).

Background: A high-value target

GitHub Actions have become the backbone of modern software development, automating everything from testing and building to deployment. Their power lies in their integration and ability to use secrets—such as API keys, cloud credentials, and access tokens—to interact with other services. This concentration of sensitive data makes them a prime target for attackers. A single compromised action, especially one maintained by a trusted security vendor like Checkmarx, can provide a foothold into thousands of other organizations' private infrastructure.

TeamPCP has cultivated a reputation for being a sophisticated, cloud-focused adversary. Unlike ransomware gangs focused on broad disruption, this group appears to specialize in precise, stealthy attacks on the software development lifecycle. By targeting CI/CD pipelines, they aim to achieve two goals: steal high-value credentials for later use and potentially inject malicious code into signed software releases, creating a widespread supply chain compromise.

The choice of Checkmarx as a target is both audacious and strategic. Compromising a security vendor's tools erodes trust in the very systems meant to provide assurance. It exploits the implicit trust developers place in security scanning tools, turning a shield into a sword.

Technical details: Anatomy of a CI/CD pipeline breach

While a full investigation is ongoing, initial analysis points to a classic credential compromise as the entry point. It is believed that TeamPCP gained access to a Personal Access Token (PAT) belonging to a developer with write permissions to the Checkmarx repositories. This type of credential theft often originates from a compromised developer workstation or from accidentally leaked secrets in public code repositories.

Once in possession of the PAT, the attackers carried out the following steps:

Code Modification: The threat actor pushed malicious commits to the repositories for ast-github-action and kics-github-action. The changes were subtle, designed to mimic a routine update or bug fix to avoid immediate detection. The malicious code was added to the scripts executed by the actions.
Secret Exfiltration Logic: The injected code was designed to collect environment variables and secrets available within the GitHub Actions runner environment where it was executed. This includes the default GITHUB_TOKEN, which has permissions to the repository, as well as any other secrets explicitly passed to the workflow, such as AWS_ACCESS_KEY_ID, AZURE_CREDENTIALS, or DOCKER_HUB_TOKEN.
Data Exfiltration: The stolen credentials were then base64 encoded and exfiltrated over HTTPS to a command-and-control (C2) server controlled by TeamPCP. The use of HTTPS for exfiltration helps the traffic blend in with normal web traffic, making it harder to detect by network monitoring tools.
Tagging a New Release: To ensure the malicious code was widely adopted, the attackers tagged a new version (e.g., v1.2.4). Workflows configured to use a floating tag (like @v1) or a broad version range would automatically pull the compromised version in their next run, triggering the malicious payload.

This attack chain is frighteningly effective because it operates within the legitimate, expected behavior of a CI/CD pipeline. The action runs, performs its intended security scan, and then quietly sends a copy of the environment's secrets to the attacker. For the end user, the workflow completes successfully, raising no immediate alarms.

Impact assessment: A cascading supply chain risk

The impact of this breach is severe and multi-layered, affecting Checkmarx directly and its user base indirectly.

For Checkmarx: The company faces significant reputational damage. As a leader in application security, having its own tools compromised undermines customer trust. The incident will necessitate a costly and resource-intensive effort in remediation, incident response, and rebuilding confidence.
For Users of the Actions: This is the most critical area of impact. Any organization that used the compromised versions of these actions must assume that all secrets exposed to their CI/CD workflows have been stolen. This includes credentials for cloud providers, package registries, and other third-party services. The potential consequences range from unauthorized access to source code and intellectual property theft to complete compromise of cloud infrastructure.

The severity is rated as Critical. The silent, widespread nature of the credential theft means many victims may not be aware of their exposure for some time, giving TeamPCP a long window to exploit the stolen access across numerous high-value targets.

How to protect yourself

Organizations must take immediate and long-term steps to mitigate the risks from this incident and prevent future ones.

Immediate Actions:

Audit GitHub Actions Usage: Identify all workflows in your organization that use checkmarx/ast-github-action or checkmarx/kics-github-action. Check the logs of recent runs to see which version was executed.
Rotate All CI/CD Secrets: If you used a compromised version, you must assume all secrets available to those workflows are compromised. Immediately rotate all API keys, tokens, and credentials. This is not optional.
Pin to a Specific Commit Hash: Update your workflows to use a specific, verified commit SHA instead of a version tag (e.g., uses: checkmarx/ast-github-action@845b71342d1f4223233b20e58d35e07d3a4e98d9). This prevents your workflow from automatically pulling in new, potentially malicious versions.

Long-Term Security Hardening:

Enforce the Principle of Least Privilege: Limit the permissions of the GITHUB_TOKEN in your workflows. By default, it has broad permissions. Scope it down to only what is needed for that specific job. For example:
permissions:
contents: read
pull-requests: write
Use OpenID Connect (OIDC): Whenever possible, use short-lived OIDC tokens to authenticate with cloud providers like AWS, Azure, or GCP. This avoids storing long-lived credentials as GitHub secrets entirely.
Implement Secret Scanning: Use automated tools to scan your repositories for accidentally committed secrets. This can prevent the initial credential leak that often starts an attack chain.
Secure Developer Environments: Developers are high-value targets. Enforce the use of multi-factor authentication (MFA) on developer accounts and encourage the use of a VPN service to protect network traffic when working remotely.
Vet Third-Party Actions: Do not blindly trust third-party actions. Review their source code, check their permissions, and pin them to a commit hash you have personally audited.

This attack on Checkmarx is not an isolated incident but part of a growing trend targeting the software supply chain. As development pipelines become more complex and interconnected, they also become more fragile. Every dependency, every action, and every integrated tool is a potential entry point. Vigilance, verification, and a zero-trust mindset are no longer optional for modern development teams.