A recent supply chain attack has targeted GitHub Actions, specifically the popular actions-cool/issues-helper workflow. Threat actors have managed to redirect all existing tags in the repository to a deceptive commit that contains malicious code. This code is designed to harvest sensitive credentials from CI/CD pipelines and send them to a server controlled by the attackers. According to Varun Sharma from StepSecurity, the commit does not appear in the normal commit history, allowing attackers to bypass standard security reviews and execute arbitrary code.

The attack is not limited to just one workflow. A second GitHub action, actions-cool/maintain-one-comment, has also been compromised using a similar method. GitHub has responded by disabling access to the affected repository due to a violation of its terms of service, though the specific reasons for this decision have not been disclosed.

Interestingly, the domain used for exfiltration, t.m-kosche[.]com, has been observed in another campaign targeting npm packages from the @antv ecosystem. Philipp Burckhardt from Socket suggests that this indicates a connection between the two incidents, both likely part of the Mini Shai-Hulud activity cluster. Given the overlap in the exfiltration domain, the cybersecurity community is treating these as related incidents.

Protective measures are crucial, as workflows that reference the compromised action by version will pull the malicious code on their next run. Only those workflows that are pinned to a known-good full commit SHA remain unaffected.