Popular GitHub Action Targeted in Supply Chain Attack

Industry news
rbc
Secretary
Posts: 374
Joined: Mon Oct 30, 2023 1:32 am
Location: Vicksburg, MS
ISC2 Member Status: Yes

Popular GitHub Action Targeted in Supply Chain Attack

Post by rbc »

A popular GitHub Action has been compromised in a supply chain attack apparently targeting secrets associated with continuous integration and continuous delivery (CI/CD).

The targeted GitHub Action is called ‘tj-actions/changed-files’. Tj-actions provides GitHub Actions for streamlining CI/CD processes. Changed-files, which is actively used in over 23,000 repositories, is designed for tracking file and directory changes.

According to StepSecurity, a security company specializing in GitHub Actions, the incident started on March 14 and involved a threat actor modifying the Changed-files code to execute a malicious Python script designed to dump CI/CD secrets to build logs.
[...]
Robert B. Carleton + ISC2 Central Mississippi Secretary
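The attack described in the post above worked because workflows typically reference an action by a mutable tag or branch, which whoever controls the action's repository can re-point at modified code. The defensive check practitioners reach for is to confirm every third-party `uses:` reference is pinned to a full 40-character commit SHA rather than a tag. The script below is an added example, not code from the original post or from the tj-actions project; the workflow text it scans is a constructed sample, the tag names and the 40-hex SHA in it are placeholders, and the function names (`parse_uses`, `classify`, `find_unpinned`) are this example's own.

```python
import re

# Constructed sample workflow (not from the page). It mixes pinned and
# unpinned action references; tags and the SHA below are placeholders,
# not real releases or commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45   # constructed sample tag
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - run: echo "local step"
      - uses: ./.github/actions/local-thing
"""

# Matches a `uses:` line and captures the reference up to whitespace,
# a quote or a trailing comment.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
# A full git commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(workflow_text):
    """Return (line_number, reference) for every `uses:` entry found."""
    found = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            found.append((number, match.group(1)))
    return found


def classify(ref):
    """Classify one `uses:` reference.

    'local'   -> a path inside the calling repository (./...)
    'docker'  -> a container image reference (docker://...)
    'pinned'  -> owner/repo@<40-hex commit SHA>
    'mutable' -> a tag, branch, or no ref at all; can be re-pointed upstream
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "mutable"
    _name, _, version = ref.rpartition("@")
    return "pinned" if SHA_RE.match(version) else "mutable"


def find_unpinned(workflow_text):
    """List every third-party reference that is not pinned to a commit SHA."""
    return [
        (number, ref)
        for number, ref in parse_uses(workflow_text)
        if classify(ref) == "mutable"
    ]


if __name__ == "__main__":
    for number, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {number}: {ref} is not pinned to a commit SHA")
```

Run it against every file under `.github/workflows/` and treat any `mutable` hit on a third-party action as a finding to fix by replacing the tag with the commit SHA it currently resolves to (keeping the tag as a trailing comment for readability). The same scan is worth re-running whenever a dependency-update bot changes a `uses:` line, because a pin that silently turns back into a tag reopens the exposure.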