A new and sophisticated supply chain attack on GitHub, dubbed ‘GhostAction’ by GitGuardian researchers, has led to the compromise of over 3,300 sensitive secrets. The attack, which was first detected on September 2, 2025, on a project called FastUUID, leveraged compromised maintainer accounts to insert malicious GitHub Actions workflow files into hundreds of repositories. These rogue workflows were designed to automatically steal secrets stored within the projects’ GitHub Actions environments, posing a significant security risk to the developer community. This type of attack highlights the vulnerability of open-source projects to credential theft and the importance of securing developer accounts.
The attack’s methodology was both clever and concerning. After gaining access to a maintainer’s account, the attackers would commit a new workflow file that was triggered automatically on a ‘push’ or manual dispatch. Once activated, this file would read all available secrets—such as PyPI, npm, and DockerHub tokens, as well as AWS keys—and then use a curl POST request to exfiltrate them to an external domain. GitGuardian’s investigation revealed that all the compromised repositories were sending their stolen secrets to the same endpoint at bold-dhawan[.]45-139-104-115[.]plesk[.]page, confirming a coordinated campaign.
While GitGuardian’s initial discovery was on a single project, a deeper dive into the incident revealed a far broader scope. The research team found that the GhostAction campaign had injected similar malicious commits into at least 817 different repositories. The attackers were meticulous, first enumerating the names of secrets used in legitimate workflows and then hardcoding them into their own malicious files to ensure they captured the correct credentials. This level of detail suggests a well-planned operation aimed at a wide range of high-value targets.
In response to the discovery, GitGuardian acted swiftly to mitigate the damage. On September 5, they opened GitHub issues in 573 of the impacted repositories and directly alerted the security teams at GitHub, npm, and PyPI. This rapid response was crucial in limiting the fallout. Thanks to these notifications, and in some cases, projects independently detecting the compromise, over a hundred repositories had already reverted the malicious changes by the time the security issues were raised. Furthermore, the exfiltration endpoint became unresponsive shortly after the campaign was exposed, suggesting the attackers may have taken it down to prevent further investigation.
Although GitGuardian’s prompt action likely prevented more widespread damage, the scale of the attack remains significant. The researchers estimate that 3,325 secrets have been stolen, including a wide array of tokens and keys for services like PyPI, npm, DockerHub, GitHub, Cloudflare, and AWS, as well as database credentials. This incident serves as a stark reminder for developers and organizations to implement robust security practices, such as two-factor authentication (2FA) and regular security audits, to protect their accounts and projects from sophisticated supply chain attacks.
Reference:
