GitHub Supply Chain Attack: The Compromise of tj-actions/changed-files

In mid-March 2025, the software development community was rocked by a significant supply chain attack targeting GitHub Actions. This incident serves as a stark reminder of the vulnerability of modern software supply chains and the far-reaching consequences when widely-used components are compromised. Let's dive into this recent attack, examining who was affected, how it happened, and what lessons we can learn.

The Who: Targets and Victims

The attack primarily targeted a popular GitHub Action called tj-actions/changed-files, which is used by over 23,000 GitHub repositories to detect file changes in open source projects. This GitHub Action is a crucial component in many continuous integration/continuous delivery (CI/CD) pipelines, making it an attractive target for attackers.

Surprisingly, investigation by security researchers revealed that the attack was initially focused on Coinbase, the cryptocurrency exchange. According to Palo Alto Networks' Unit 42, "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises." However, the attackers were unable to use Coinbase secrets or publish packages.

After the initial targeted attack on Coinbase, the attack expanded to affect repositories across GitHub. According to Endor Labs, approximately 218 GitHub repositories had their secrets exposed due to this supply chain attack. The compromised information included GitHub Personal Access Tokens (PATs), AWS access keys, npm tokens, and private RSA keys.

The When: Timeline of Events

The attack unfolded over several days in March 2025:

1. March 10-11, 2025: Initial compromise of reviewdog/action-setup@v1, which would later be used to target tj-actions/changed-files.

2. March 10-14, 2025: The attacker successfully pushed a malicious commit to the tj-actions/changed-files GitHub repository.

3. March 14, 2025: Security researchers at StepSecurity detected the compromise and reported the incident to the maintainers of the tj-actions organization.

4. March 15, 2025: GitHub temporarily removed the compromised action. The GitHub gist hosting the malicious script was taken down, and the compromised repository was restored without the offending commits.

5. March 16-19, 2025: Additional research revealed the connection to the earlier compromise of reviewdog/action-setup.

The How: Attack Methodology

This supply chain attack was sophisticated and involved multiple stages:

1. Initial Access: The attack began with the compromise of another GitHub Action called reviewdog/action-setup@v1. Security researcher Rami McCarthy from Wiz suggested that "the attacker gained sufficient access to update the v1 tag to the malicious code they had placed on a fork of the repository."

2. Leveraging Dependencies: The attackers exploited the fact that tj-actions/changed-files depends on another action (tj-actions/eslint-changed-files), which in turn depends on the compromised reviewdog/action-setup action.

3. Token Theft: Through this dependency chain, the attackers were able to obtain a Personal Access Token (PAT) associated with the tj-actions repository.

4. Malicious Payload Injection: With the stolen token, attackers pushed a malicious commit disguised to look as if it was created by a legitimate user (renovate[bot]). The commit contained a Base64-encoded payload designed to dump the CI/CD runner's memory, exposing sensitive environment variables and secrets directly to the workflow logs.

5. Automated Merging: The commit was added to a legitimate pull request that was automatically merged, as configured for this workflow, allowing the malicious code to be executed by any repository using the GitHub Action.

The Where: Impact and Scope

The impact of this attack was significant due to the widespread use of the compromised GitHub Action:

1. Public Repositories: In cases where workflow logs are publicly accessible (such as in public repositories), the leaked secrets were potentially visible to anyone viewing these logs.

2. Private Repositories: While the risk to private repositories was lower, maintainers were advised to consider their projects potentially compromised.

3. Software Supply Chain: The attack highlighted vulnerabilities in the broader software supply chain, as compromised GitHub Actions can affect thousands of downstream dependencies.

4. Corporate Infrastructure: Organizations with both private and public repositories that share CI/CD pipeline secrets for artifact or container registries faced potential compromise of these registries.

Mitigation and Lessons Learned

Security experts and GitHub have recommended several steps to mitigate similar attacks in the future:

1. Pin Actions to Commit Hashes: GitHub's official guidance suggests pinning actions to specific commit hashes instead of version tags. "Pinning an action to a full-length commit SHA is currently the only way to use an action as an immutable release," according to GitHub's documentation.

2. Audit Workflows: Organizations should audit past workflow runs for suspicious activity and check logs for unusual outbound network requests.

3. Rotate Secrets: Any potentially exposed secrets should be immediately rotated.

4. Use GitHub's Allow-listing: Configure GitHub to allow only trusted actions to run in your workflows.

5. Consider Access Control: The incident highlights the importance of careful access control. The reviewdog organization's practice of automatically adding contributors and granting write access may have increased the attack surface.

Conclusion

This GitHub supply chain attack demonstrates the increasing sophistication of threat actors targeting software development infrastructure. By compromising widely-used components, attackers can potentially affect thousands of downstream projects and organizations.

As software supply chains grow more complex, with many interdependent components, securing each link becomes increasingly challenging yet crucial. This incident serves as a reminder that even the most minor components in your development pipeline can become vectors for attack if not properly secured.

Sources:

1. The Register. "GitHub supply chain attack spills secrets from 23K projects." March 17, 2025. https://www.theregister.com/2025/03/17/supply_chain_attack_github/

2. Palo Alto Networks Unit 42. "GitHub Actions Supply Chain Attack." March 21, 2025. https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/

3. The Hacker News. "Coinbase Initially Targeted in GitHub Actions Supply Chain Attack." March 2025. https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html

4. Cybersecurity Dive. "Supply chain attack against GitHub Action triggers massive exposure of secrets." March 2025. https://www.cybersecuritydive.com/news/supply-chain-github-exposure-secrets/742693/

5. CISA. "Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066." March 18, 2025. https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066

6. SecurityWeek. "Popular GitHub Action Targeted in Supply Chain Attack." March 2025. https://www.securityweek.com/popular-github-action-targeted-in-supply-chain-attack/

7. Wiz Blog. "GitHub Action tj-actions/changed-files supply chain attack." March 15, 2025. https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066

8. SecurityWeek. "Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed." March 2025. https://www.securityweek.com/impact-root-cause-of-github-actions-supply-chain-hack-revealed/

9. The Hacker News. "CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise." March 2025. https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html

10. The Register. "Separate supply chain attack tied to 23K pwned GitHub repos." March 18, 2025. https://www.theregister.com/2025/03/18/wiz_github_supply_chain/