Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.
According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into reviewdog/action-setup@v1 GitHub Action. It is unclear how the breach occurred, but the threat actors modified the action to dump CI/CD secrets and authentication tokens into GitHub Actions logs.
As previously reported, the first stage of the breach involved the compromise of the reviewdog/action-setup@v1 GitHub Action. It is unclear how the breach occurred, but when a related GitHub Action, tj-actions/eslint-changed-files, invoked the reviewdog action, causing its secrets to be dumped to workflow logs.
[...]
Coinbase was primary target of recent GitHub Actions breaches
Coinbase was primary target of recent GitHub Actions breaches
-
rbc
- Secretary
- Posts: 374
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Coinbase was primary target of recent GitHub Actions breaches
Robert B. Carleton + ISC2 Central Mississippi Secretary