Summary: A recent GitHub Actions cascading supply chain attack primarily targeted Coinbase, compromising secrets in hundreds of repositories. The attackers injected malicious code into a GitHub Action, allowing them to access sensitive CI/CD tokens, although Coinbase reported that the attack was ultimately unsuccessful in causing damage. While the effort was initially focused on Coinbase, it later expanded to other projects utilizing the compromised action, impacting a total of 218 repositories.
Affected: Coinbase and 218 repositories utilizing tj-actions/changed-files
Keypoints:
- Attack started with the compromise of reviewdog/action-setup@v1 GitHub Action.
- Threat actors modified the action to dump CI/CD secrets into logs.
- Coinbase's systems were targeted, but the attack did not result in any significant impact to their assets.
- A total of 23,000 projects used the affected action, but only 218 repositories were compromised.
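
An added example (not from the original summary or from any of the projects named in it): a Python check that scans workflow text for `uses:` references to the two actions named above and flags those referenced by a mutable tag or branch, such as `@v1`, rather than a full 40-character commit SHA. The sample workflow and the SHA in it are constructed, and treating unpinned references as the thing to review is this example's assumption.

```python
import re

# Actions named on this page.
AFFECTED = {"reviewdog/action-setup", "tj-actions/changed-files"}
# Matches `uses: owner/repo[/subpath]@ref`, optionally after a list dash.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the 40-hex ref is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      # - uses: tj-actions/changed-files@main
"""


def audit_workflow(text):
    """Return one finding per `uses:` reference in a workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip commented-out steps
            continue
        m = USES_RE.match(line)
        if not m:  # local (./path) and docker:// references carry no @ref
            continue
        action, ref = m.group(1).lower(), m.group(2)
        findings.append({"line": lineno, "action": action, "ref": ref,
                         "pinned": bool(FULL_SHA_RE.match(ref)),
                         "affected": action in AFFECTED})
    return findings


def needs_review(findings):
    """Affected actions referenced by a tag or branch, which can be repointed."""
    # A full-SHA pin only fixes which commit runs; it does not vouch for that commit.
    return [f for f in findings if f["affected"] and not f["pinned"]]


if __name__ == "__main__":
    for f in needs_review(audit_workflow(SAMPLE_WORKFLOW)):
        print(f"line {f['line']}: {f['action']}@{f['ref']} is not pinned to a commit SHA")
```
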