The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories.
This follows the threat actor compromising the GitHub build pipeline for Trivy, Aqua Security's scanner, to deliver infostealing malware in a supply-chain attack that extended to Docker Hub over the weekend.
Trivy has more than 33,800 stars on GitHub and is widely used for detecting vulnerabilities, misconfigurations, and exposed secrets across software artifacts and infrastructure.
Supply-chain security company Socket says in a report on Sunday that it identified compromised Trivy artifacts published to Docker Hub.
"New image tags 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags," Socket researchers say. According to their analysis, the two images contain indicators of compromise related to the infostealer that TeamPCP pushed after gaining access to Aqua Security's GitHub organization.
The researchers note that the last known Trivy release is 0.69.3 and warn that, even though they did not see any evidence of older images or binaries being modified after publication, "Docker Hub tags are not immutable, and organizations should not rely solely on tag names for integrity."
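Two defensive checks follow directly from the point above: flag Docker Hub tags that have no matching GitHub release, and flag image references in your own manifests that rely on a tag alone rather than a digest. The script below is an added example, not code from the article, Socket, or Aqua Security. It runs offline against constructed sample data modelled on the tags the report names; the `aquasec/trivy` repository path and the all-zero digest are assumed placeholders, and the two live-lookup helpers (Docker Hub v2 tags API, GitHub releases API) are provided for real use but are not called by the demo.

```python
import json
import re
import urllib.request

# Constructed sample data, modelled on the report above: 0.69.3 is the last
# known release, while 0.69.5 and 0.69.6 appeared on Docker Hub with no
# corresponding GitHub release. Embedded so the check runs offline.
SAMPLE_DOCKERHUB_TAGS = ["latest", "0.69.3", "0.69.5", "0.69.6", "0.69.2"]
SAMPLE_GITHUB_RELEASE_TAGS = ["v0.69.3", "v0.69.2", "v0.69.1"]

# Constructed manifest references; the all-zero digest is a placeholder,
# not a real image digest.
SAMPLE_MANIFEST_REFS = [
    "aquasec/trivy:0.69.3",
    "aquasec/trivy:0.69.3@sha256:" + "0" * 64,
    "registry.example.com:5000/tools/trivy:latest",
]

VERSION_TAG = re.compile(r"v?\d+(?:\.\d+)*")
SHA256_DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def normalize_version(tag):
    """Strip a leading 'v' so 'v0.69.3' and '0.69.3' compare equal."""
    return tag[1:] if tag.startswith("v") else tag


def tags_without_release(hub_tags, release_tags):
    """Return version-like Docker Hub tags with no matching GitHub release.
    Moving tags such as 'latest' are not version-like and are skipped."""
    released = {normalize_version(t) for t in release_tags}
    return sorted(
        t for t in hub_tags
        if VERSION_TAG.fullmatch(t) and normalize_version(t) not in released
    )


def parse_image_ref(ref):
    """Split 'name[:tag][@sha256:<hex>]' into (name, tag, digest).
    A registry port (host:5000/...) is not mistaken for a tag because the
    last ':' only counts as a tag separator when no '/' follows it."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name:
        head, _, tail = name.rpartition(":")
        if "/" not in tail:
            name, tag = head, tail
    if digest and not SHA256_DIGEST.fullmatch(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    return name, tag, digest or None


def unpinned_refs(refs):
    """Return references that depend on a mutable tag alone (no digest)."""
    return [r for r in refs if parse_image_ref(r)[2] is None]


def fetch_dockerhub_tags(namespace, repo, page_size=100):
    """Live lookup (not used by the offline demo): list tag names through
    the Docker Hub v2 API, following the 'next' pagination link."""
    url = f"https://hub.docker.com/v2/repositories/{namespace}/{repo}/tags?page_size={page_size}"
    tags = []
    while url:
        with urllib.request.urlopen(url, timeout=15) as resp:
            data = json.load(resp)
        tags.extend(item["name"] for item in data.get("results", []))
        url = data.get("next")
    return tags


def fetch_github_release_tags(owner, repo):
    """Live lookup (not used by the offline demo): release tag names from
    the GitHub REST API, first page only (up to 100 releases)."""
    url = f"https://api.github.com/repos/{owner}/{repo}/releases?per_page=100"
    req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return [rel["tag_name"] for rel in json.load(resp)]


if __name__ == "__main__":
    print("tags with no release:", tags_without_release(SAMPLE_DOCKERHUB_TAGS, SAMPLE_GITHUB_RELEASE_TAGS))
    print("refs not pinned by digest:", unpinned_refs(SAMPLE_MANIFEST_REFS))
```

On the constructed data the first check reports 0.69.5 and 0.69.6, and the second reports every reference that lacks an `@sha256:` digest, which is the form a manifest should use if tag names cannot be trusted for integrity.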
Breaching AquaSec's GitHub
On March 20, Aqua Security said that the threat actor gained access to the company's GitHub organization due to incomplete containment of a previous incident targeting the same tool at the beginning of the month.
"We rotated secrets and tokens, but the process wasn't atomic and attackers may have been privy to refreshed tokens," Aqua Security
This allowed the attacker to inject credential-harvesting code (the TeamPCP Cloud stealer) into Trivy and publish malicious versions of the tool.