Supply Chain Alert: Compromised GitHub Actions Target CI/CD Secrets via Git Tag Manipulation

A sophisticated supply chain attack has been identified targeting the actions-cool/issues-helper GitHub Action. The breach leverages a highly effective technique to bypass standard repository inspections, ultimately exfiltrating sensitive CI/CD secrets to an attacker-controlled infrastructure.

This is not an isolated incident; the same methodology was detected in a secondary repository, actions-cool/maintain-one-comment, suggesting a coordinated campaign.

The core of the exploit lies in the manipulation of Git tags rather than the modification of the visible commit history. Attackers successfully reassigned all existing release tags to a rogue “imposter commit” (specifically hash 1c9e803). This commit exists outside the scope of any legitimate branch in the repository. Because most DevOps workflows utilize versioned tags (e.g., @v3) for convenience, the malicious code was automatically pulled into environments during subsequent workflow executions. Only workflows utilizing immutable, pinned commit SHAs remained protected from this specific vector.

According to security researchers at StepSecurity, this reassignment effectively weaponized every versioned reference of the action, turning standard update practices into a delivery mechanism for credential theft.

Technical Deep Dive: Memory Scraping and Exfiltration

Once the malicious action executes within a GitHub Actions runner, it initiates a multi-stage payload designed to harvest high-value secrets directly from the system’s memory. The execution flow is as follows:

  1. Environment Preparation: The payload downloads the bun JavaScript runtime to facilitate the execution of its malicious logic.
  2. Privilege Escalation: The script spawns various subprocesses, including python3, and utilizes sudo to escalate privileges, allowing it to access restricted memory segments.
  3. Memory Scavenging: The attacker targets the /proc/<pid>/mem interface. Specifically, the payload scrapes the memory space of the Runner.Worker process.

The Runner.Worker process is a critical component of the GitHub infrastructure, as it handles the decryption and management of secrets during workflow runtime. By parsing this memory, the attacker can extract API tokens, cloud provider credentials, and environment-specific secrets in plaintext.

The actions-cool/issues-helper Tags page on GitHub showing reassigned tags.
The actions-cool/issues-helper Tags page on GitHub, illustrating the reassigned tags. (Source: StepSecurity)

The harvested data is refined using standard Linux utilities such as tr and grep to isolate strings explicitly marked with the "isSecret": true attribute. Once the payload isolates these credentials, it initiates an outbound HTTPS request to the exfiltration endpoint t.m-kosche.com to transmit the stolen data.

This activity was validated via the StepSecurity Harden-Runner platform, which successfully flagged the anomalous bun process and the unauthorized outbound network connection in real-time.

Harden-Runner network monitor showing outbound call to the malicious domain.
Harden-Runner’s network monitor intercepting the anomalous outbound call to the exfiltration domain. (Source: Stepsecurity)

Mitigation and Defensive Strategies

This incident exposes a fundamental vulnerability in the trust model of tag-based dependency management. To protect your CI/CD pipelines, security teams should implement the following best practices:

  • Pin to Immutable SHAs: Transition away from version tags (e.g., @v1) and instead reference actions by their full 40-character commit SHA. This ensures that even if a tag is moved, your workflow remains locked to a known-good state.
  • Implement Imposter Commit Detection: Use tools that can identify when a workflow references a commit that does not correspond to a valid branch or tag in the upstream repository.
  • Restrict Outbound Networking: Utilize hardened runners that implement strict egress filtering, preventing runners from communicating with unauthorized or unknown external domains.

StepSecurity has proactively updated its Compromised Actions Policy to block the affected repositories and has added the attacker’s domain to the Harden-Runner global block list to prevent data exfiltration.

Indicators of Compromise (IOCs)

Affected GitHub Actions

  • actions-cool/issues-helper (All 53 tags reassigned to an imposter commit)
  • actions-cool/maintain-one-comment (All 15 tags reassigned to an imposter commit)

Exfiltration Infrastructure

  • t.m-kosche.com (Destination for harvested Runner.Worker memory credentials)

Security Note: IP addresses and domains have been defanged (e.g., [.]) to prevent accidental execution. Please re-fang these indicators only within controlled environments such as your SIEM, MISP, or VirusTotal.

Related Articles

Back to top button