A sophisticated supply chain attack initially aimed at Coinbase has now been linked to a wider campaign targeting users of the “tj-actions/changed-files” GitHub Action. This breach is believed to have originated from the theft of a personal access token (PAT) connected to the SpotBugs project, unveiled by Palo Alto Networks’ Unit 42 in a recent update.
The attackers leveraged GitHub Actions workflows associated with SpotBugs, a widely-utilized open-source tool for static code analysis, to gain initial access. This strategy allowed lateral movement across SpotBugs repositories, ultimately leading to unauthorized access to reviewdog, another project reliant on GitHub Actions.
Chronologically, the malicious activities appear to have commenced as early as late November 2024, although significant attacks against Coinbase did not unfold until March 2025. The investigation highlights how the compromised PAT facilitated a rogue version of “reviewdog/action-setup” being introduced, which was subsequently utilized by “tj-actions/changed-files.”
Further insights reveal that the compromised maintainer of reviewdog was also engaged with SpotBugs. By pushing a malicious GitHub Actions workflow file to the “spotbugs/spotbugs” repository under the alias “jurkaofavak,” the attackers executed a series of steps that led to leaking the maintainer’s PAT when the workflow was triggered.
It’s crucial to note that this same PAT provided access to both “spotbugs/spotbugs” and “reviewdog/action-setup,” implying that the attackers could potentially manipulate either repository. Investigation outcomes indicate that the malicious actor behind the commit gained write access to “spotbugs/spotbugs” in a rather unusual fashion, facilitated by a legitimate invitation from a project maintainer on March 11, 2025.
This invites speculation regarding how write permissions were procured, as the attackers reportedly created a fork of the “spotbugs/sonar-findbugs” repository to orchestrate the invitation. A key turning point occurred when the SpotBugs maintainer had altered their workflow to utilize their own PAT for resolving technical issues within their CI/CD pipeline, ultimately allowing the attacker to exploit the situation further.
Unit 42 has underscored the attack’s mechanism involving the “pull_request_target” trigger, a GitHub Actions feature allowing workflows from forked repositories to access secrets, including the compromised PAT. This has given rise to what researchers term a poisoned pipeline execution attack (PPE).
One lingering question remains regarding the three-month hiatus between the initial leak of the PAT and its eventual exploitation. Analysts suspect the attackers bided their time, strategically waiting for high-value targets reliant on “tj-actions/changed-files” before executing their plans. Unit 42 researchers have pondered why such meticulous efforts culminated in exposing secrets, inadvertently revealing the attack itself.
This incident underscores the need for vigilance in managing access tokens and permissions within open-source projects, reinforcing that even seemingly benign elements of a workflow can become vectors for substantial attacks. Business owners should take this narrative as a clarion call to strengthen their security practices against supply chain vulnerabilities in the ever-evolving landscape of cybersecurity threats.
