Token Exfiltration Campaign via GitHub Actions Workflows
Summary
I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens. PyPI was not compromised, and no PyPI packages were published by the attackers.
Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as GitHub secrets, modifying their workflows to send those tokens to external servers. While the attackers successfully exfiltrated some tokens, they do not appear to have used them on PyPI.
I've invalidated all affected tokens and notified the impacted project maintainers. If you're one of them, I have emailed you from [email protected].
You can read more about the details of the attack on GitGuardian's blog.
Timeline and Response
On September 5th, a GitGuardian employee used the PyPI "Report as malware" button to submit their findings for a project named fastuuid - namely they found a malicious GitHub Actions workflow attempting to exfiltrate PyPI tokens to a remote server. No compromise on PyPI was found, tokens relating to the user accounts were invalidated, and I reached out to the project owners to notify and help secure the account and project.
Later on September 5th, another researcher from GitGuardian emailed PyPI Security directly about their current findings, effectively an expansion of the previous attack. Due to some of the contents in that email, it ended up in our inbound Spam folder, delaying response until September 10th when I became aware of the attack via other channels, and found the original email in the Spam folder. I may follow up with our support system provider to see about improving spam filtering rules.
After triaging the situation, I discovered another Indicator of Compromise (IoC) in the form of a URL, which I shared with GitGuardian to assist with their ongoing investigation.
... continue reading