TeamPCP Expands Supply Chain Attacks to Checkmarx GitHub Actions

March 24, 2026 Faeem BLOGS 0

The threat actor group TeamPCP, already linked to the Trivy supply chain compromise, has now poisoned two GitHub Actions workflows maintained by Checkmarx. This marks another escalation in their campaign to weaponize CI/CD pipelines by stealing credentials and secrets at scale.

What Happened

  • Compromised workflows:
    • checkmarx/ast-github-action
    • checkmarx/kics-github-action
  • Attack vector: Credential stealer injected into trusted GitHub Actions via malicious commits.
  • Exfiltration: Stolen data sent to checkmarx[.]zone as encrypted archives (tpcp.tar.gz).
  • Fallback mechanism: Creation of repos named docs-tpcp or tpcp-docs using stolen GITHUB_TOKENs to stage data if exfiltration fails.

The Stealer’s Capabilities

The TeamPCP Cloud stealer harvests:

  • SSH keys, Git tokens, AWS, GCP, Azure, Kubernetes, Docker credentials
  • Database secrets, VPN configs, .env files
  • Cryptocurrency wallet data
  • Slack and Discord webhook URLs
  • CI/CD configurations and runner memory tokens

This enables cascading compromise: one poisoned action captures secrets that can be used to poison other actions across the ecosystem.

Escalation Beyond GitHub Actions

  • Trojanized extensions: Malicious versions of ast-results and cx-dev-assist published to Open VSX (VS Code Marketplace versions unaffected).
  • Persistence: On non‑CI systems, malware installs a systemd user service polling checkmarx[.]zone/raw every 50 minutes.
  • Deception: Typosquat domains mimic vendor names to disguise malicious traffic in CI/CD logs.
  • Regional targeting: Malicious Kubernetes script wipes machines if locale matches Iranian time zone.

Defensive Recommendations

  • Rotate all secrets: Tokens, cloud credentials, and CI/CD keys exposed during the affected window.
  • Audit workflows: Look for references to tpcp.tar.gz, checkmarx[.]zone, or scan.aquasecurity[.]org.
  • Search repos: Identify suspicious repos named tpcp-docs or docs-tpcp.
  • Pin actions by commit SHA: Prevent force‑pushed tags from introducing malicious code.
  • Monitor CI runner traffic: Block suspicious outbound connections.
  • Restrict IMDS access: Use IMDSv2 to harden cloud runner containers.

Final Thought

TeamPCP’s campaign demonstrates how CI/CD pipelines are now prime targets for supply chain attackers. By poisoning trusted GitHub Actions, they bypass traditional code review and dependency scanning. For defenders, the lesson is clear: trust must be verified continuously, and secrets must be rotated aggressively to contain cascading compromise.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.