TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Summary

The threat actor TeamPCP compromised two GitHub Actions workflows maintained by Checkmarx, a supply chain security vendor. The intrusion was carried out with stolen CI credentials and builds on TeamPCP's earlier involvement in the Trivy supply chain attack.

IFF Assessment

FOE

This is bad news for defenders: it is another successful supply chain compromise achieved with stolen CI/CD credentials, a vector that is both common and high-impact because a single compromised workflow can reach every downstream consumer of the artifacts it publishes.

Defender Context

This incident underscores the importance of securing CI/CD pipelines and the credentials they hold. Long-lived tokens stored as CI secrets are exactly what an attacker with a foothold goes after, so defenders should prefer short-lived, scoped credentials (for example OIDC-issued tokens) over static secrets, grant workflow tokens only the permissions they need, pin third-party actions to immutable commit SHAs rather than movable tags, require MFA and reviewed changes for anyone able to modify workflows, and monitor workflow edits, secret access and unexpected publishes so a compromise is caught before it reaches downstream consumers.
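The hygiene controls above are easy to check mechanically. The script below is an added example, not Checkmarx's tooling and not derived from the incident itself: it scans a GitHub Actions workflow file for the three gaps that let stolen credentials do the most damage (third-party actions pinned to a tag or branch instead of a commit SHA, a missing or write-all workflow-level `permissions` block, and a `pull_request_target` trigger that runs with repository secrets on untrusted input). The two workflow texts are constructed samples with placeholder SHAs, and the rule names are this example's own. It uses only the standard library and a line-oriented scan, so it does not need a YAML parser.

```python
"""Audit a GitHub Actions workflow for settings that amplify a CI credential theft.

Added example; the rules encode widely documented hardening guidance, not
findings about any specific repository.
"""
import re
from dataclasses import dataclass

# A 40-hex-character ref is an immutable commit SHA; tags and branches can be moved.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(\S+)")
TOP_PERMS_RE = re.compile(r"^permissions:\s*(\S*)")  # column 0 => workflow level, not job level
PRT_RE = re.compile(r"\bpull_request_target\b")


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line in the workflow file; 0 means file-level
    rule: str
    detail: str


def strip_comment(line: str) -> str:
    """Drop a trailing YAML comment (good enough for the keys this scan looks at)."""
    return line.split("#", 1)[0].rstrip()


def audit_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    has_top_permissions = False
    for n, raw in enumerate(text.splitlines(), start=1):
        line = strip_comment(raw)
        if not line.strip():
            continue
        m = USES_RE.match(line)
        if m:
            ref = m.group(1).strip("\"'")
            # Local actions (./path) have nothing to pin; docker:// refs need a separate digest check.
            if not ref.startswith(("./", "docker://")):
                version = ref.rsplit("@", 1)[1] if "@" in ref else ""
                if not SHA_RE.match(version):
                    findings.append(Finding(n, "unpinned-action",
                        f"{ref}: pin to a full 40-character commit SHA, not a tag or branch"))
        m = TOP_PERMS_RE.match(line)
        if m:
            has_top_permissions = True
            if m.group(1) == "write-all":
                findings.append(Finding(n, "write-all-token",
                    "GITHUB_TOKEN granted write on every scope; use read-all plus per-job grants"))
        if PRT_RE.search(line):
            findings.append(Finding(n, "pull_request_target",
                "runs with repository secrets on untrusted PR input; must never check out or execute PR code"))
    if not has_top_permissions:
        findings.append(Finding(0, "missing-permissions",
            "no workflow-level permissions block; GITHUB_TOKEN falls back to the repository default"))
    return findings


# Constructed sample workflows (not from any real repository). The SHAs are placeholders.
WEAK_WORKFLOW = """\
name: release
on:
  push:
  pull_request_target:
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/publish-action@main
      - run: ./scripts/release.sh
        env:
          PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
"""

HARDENED_WORKFLOW = """\
name: release
on:
  push:
permissions: read-all
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write   # short-lived OIDC token instead of a stored long-lived secret
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: example-org/publish-action@89abcdef0123456789abcdef0123456789abcdef  # placeholder SHA
      - run: ./scripts/release.sh
"""

if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name} ==")
        for f in audit_workflow(wf):
            print(f"  line {f.line:>3}  {f.rule:<20} {f.detail}")
```

SHA pinning is what blunts an upstream compromise of the kind described on this page: a moved or re-tagged release cannot change which commit your workflow runs, so an attacker who controls the upstream project's CI still has to get a new SHA into your repository. It does not help if the malicious commit is already the one you pinned, which is why the monitoring controls above matter as well.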
