BotBeat

Checkmarx | POLICY & REGULATION | 2026-03-23

KICS GitHub Action Compromised by TeamPCP in Second Supply Chain Attack in Five Days

Key Takeaways

  • TeamPCP compromised the KICS GitHub Action using a stolen service account to inject malware across 35 tags in a 4-hour window on March 23rd
  • This is the second supply chain attack on a popular open-source security scanner by the same group within five days, indicating coordinated targeting of DevSecOps tools
  • The malware evolved from the Trivy attack with new C2 infrastructure, GitHub token-based persistence, and Kubernetes-specific payload capabilities
Source: Hacker News, https://www.wiz.io/blog/teampcp-attack-kics-github-action

Summary

The KICS GitHub Action, an open-source infrastructure-as-code security scanner maintained by Checkmarx, was compromised with credential-stealing malware by the threat actor TeamPCP on March 23rd. The attack took place between 12:58 and 16:50 UTC and affected users whose workflows resolved to the compromised tags during that window. The malicious code was injected through imposter commits on a repository fork; the attacker then used a compromised service account (cx-plugins-releases) to update all 35 tags so that they pointed at the malicious commits.

This marks the second major open-source security scanner compromise by TeamPCP in less than a week, following a similar attack on the Trivy security tool. The group demonstrated operational sophistication through familiar naming conventions, reuse of cryptographic keys, and incremental improvements to their malware payload. The new variant includes a command-and-control domain (checkmarx.zone), creates a fallback repository using stolen GitHub tokens, and adds Kubernetes-focused persistence mechanisms alongside existing credential-stealing capabilities.

While KICS has approximately 1% of the public usage of Trivy, it remains broadly deployed across public and private organizations for infrastructure-as-code scanning. The repository was taken down at 16:50 UTC following user notification through a GitHub issue, but organizations using pinned versions of the compromised tags during the attack window may have been affected.

  • Security teams should audit workflows that reference the KICS GitHub Action and rotate any credentials or tokens that may have been exposed during the compromise window
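One way to carry out that audit, as an added example that is not from the original article and not Checkmarx's or Wiz's code: a small Python script that scans GitHub Actions workflow text for `uses:` references to the action and flags every reference that is pinned to a mutable tag or branch rather than a full 40-character commit SHA. Because the attack worked by re-pointing existing tags at malicious commits, a tag pin like `@v2` is exactly the kind of reference that could have resolved to malware during the window, whereas a SHA pin cannot be silently redirected. The script assumes the action's repository slug is `checkmarx/kics-github-action` and runs over a constructed sample workflow embedded inline.

```python
import re
from dataclasses import dataclass
from typing import List

# Assumed repository slug of the action (not stated on the page; adjust if needed).
ACTION_SLUG = "checkmarx/kics-github-action"

# Attack window reported in the article: 2026-03-23, 12:58 to 16:50 UTC.
ATTACK_WINDOW = "2026-03-23 12:58-16:50 UTC"

# Matches a `uses:` line, with or without a leading list dash, and with or
# without quotes around the reference.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
# A full commit SHA is the only immutable pin for a GitHub Action.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

# Constructed sample workflow; NOT taken from the original page.
SAMPLE_WORKFLOW = """\
name: iac-scan
on: [push]
jobs:
  kics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run KICS
        uses: checkmarx/kics-github-action@v2.1.3
      - name: Run KICS (pinned)
        uses: "Checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567"
      - uses: checkmarx/kics-github-action@main
"""


@dataclass
class Finding:
    line: int            # 1-based line number in the workflow text
    ref: str             # the part after '@' (tag, branch or SHA)
    pinned_to_sha: bool  # True only for a full 40-hex commit SHA


def audit_workflow(text: str, action_slug: str = ACTION_SLUG) -> List[Finding]:
    """Return one Finding per `uses:` reference to the given action."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        uses = match.group(1)
        repo, _, ref = uses.partition("@")
        # `owner/repo/subdir` is allowed; compare only the first two segments,
        # case-insensitively, since GitHub slugs are case-insensitive.
        slug = "/".join(repo.split("/")[:2]).lower()
        if slug != action_slug.lower():
            continue
        findings.append(Finding(lineno, ref, bool(SHA_RE.match(ref))))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """Render findings as human-readable lines; mutable refs are flagged."""
    lines = []
    for f in findings:
        if f.pinned_to_sha:
            lines.append(f"line {f.line}: @{f.ref} pinned to commit SHA (not redirectable)")
        else:
            lines.append(
                f"line {f.line}: @{f.ref} is a mutable tag/branch; may have resolved "
                f"to a malicious commit during {ATTACK_WINDOW}; re-pin to a SHA and "
                f"rotate any secrets the job could read"
            )
    return lines


if __name__ == "__main__":
    for line in report(audit_workflow(SAMPLE_WORKFLOW)):
        print(line)
```

Run it against real workflow files by reading `.github/workflows/*.yml` into `audit_workflow`; any finding with `pinned_to_sha == False` identifies a job whose secrets should be treated as exposed if it ran during the window.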

Editorial Opinion

This attack represents a troubling escalation in supply chain security threats, with sophisticated actors now systematically targeting infrastructure-as-code security tools that organizations depend on to secure their deployments. The rapid succession of attacks on Trivy and KICS suggests TeamPCP is methodically working through a list of high-value open-source security tooling. The addition of Kubernetes-focused persistence mechanisms indicates the attackers are evolving their capabilities to maintain long-term access in containerized environments, raising serious concerns about the security posture of organizations that may have been silently compromised.

Tags: Cybersecurity, Open Source

© 2026 BotBeat