TeamPCP Compromises Checkmarx GitHub Actions with Stolen CI Credentials


Recent developments in cybersecurity have unveiled a significant breach involving the cloud-native cybercriminal group known as TeamPCP. This group has successfully compromised two GitHub Actions workflows maintained by Checkmarx, a company specializing in supply chain security. This incident follows closely on the heels of TeamPCP’s earlier attack on Aqua Security’s Trivy vulnerability scanner, raising alarms about the escalating threat landscape in cloud-native environments.

The Nature of the Compromise

On March 19, 2026, Sysdig, a cloud security firm, reported the detection of a credential-stealing malware identical to that used in the Trivy attack. This malware, referred to as the “TeamPCP Cloud stealer,” is engineered to extract sensitive credentials and secrets from various sources, including SSH keys, Git repositories, and cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure. The stolen data is exfiltrated to a domain identified as “checkmarx[.]zone,” where it is stored in an encrypted archive named “tpcp.tar.gz.”

The breach highlights a concerning trend: the stolen credentials from the Trivy incident were likely employed to further compromise additional actions within affected repositories. This cascading effect poses a significant risk to organizations relying on these tools for their development and deployment processes.

Technical Mechanisms of the Attack

The modus operandi of TeamPCP includes force-pushing malicious commits containing the stealer payload, specifically a script named “setup.sh.” This tactic mirrors their approach in the Trivy incident, where they similarly manipulated trusted actions to inject malicious code. The use of vendor-specific typosquat domains serves as a deceptive technique, making it challenging for analysts to detect suspicious activity in CI/CD logs.

The malware primarily targets CI runner memory, allowing attackers to harvest GitHub personal access tokens (PATs) and other sensitive secrets during the execution of compromised actions. If these tokens possess write access to repositories utilizing Checkmarx actions, the attackers can leverage them to push malicious code, thereby amplifying the impact of the breach.

Implications for the Industry

The ramifications of this incident extend beyond the immediate compromise of Checkmarx’s workflows. The identical payload, encryption scheme, and naming conventions used in both the Trivy and Checkmarx attacks indicate that TeamPCP is expanding its operations, exploiting vulnerabilities in trusted actions. This highlights a critical gap in code review and dependency scanning processes, which failed to identify the injected malicious code.

Wiz, another cybersecurity firm, has indicated that the attack was likely facilitated through the compromise of the “cx-plugins-releases” service account. The attackers have also published trojanized versions of Open VSX extensions, specifically “ast-results” and “cx-dev-assist.” While the versions available on the VS Code Marketplace remain unaffected, the incident underscores the need for heightened vigilance in monitoring third-party dependencies.

Recommended Mitigation Strategies

In light of this breach, organizations are urged to take immediate action to mitigate potential risks. Recommended steps include:

  • Rotating all secrets, tokens, and cloud credentials that were accessible to CI runners during the affected timeframe.
  • Auditing GitHub Actions workflow runs for any references to “tpcp.tar.gz,” “scan.aquasecurity[.]org,” or “checkmarx[.]zone” in runner logs.
  • Searching GitHub organizations for repositories named “tpcp-docs” or “docs-tpcp,” which may indicate successful data exfiltration.
  • Pinning GitHub Actions to full commit SHAs instead of version tags to prevent unauthorized modifications.
  • Monitoring outbound network connections from CI runners to detect suspicious domains.
  • Restricting CI runner containers' access to the cloud Instance Metadata Service (IMDS), for example by enforcing IMDSv2, so a compromised job cannot harvest instance credentials.
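As an added example (not code from the article or from Checkmarx, Sysdig or Wiz), the following Python script covers two of the steps above: it flags `uses:` references in a workflow file that are pinned to a tag or branch rather than a full 40-character commit SHA, and it scans runner log lines for the indicators the article names. The workflow, the commit SHA and the log lines are constructed sample input, and `example-org/*` are hypothetical actions.

```python
import re

# Indicators named in the article (defanged there with "[.]"; stored here in the
# form they would take in a real runner log so substring matching works).
INDICATORS = ["tpcp.tar.gz", "scan.aquasecurity.org", "checkmarx.zone"]

# Matches "uses: owner/repo@ref" (optionally quoted, optionally a list item).
# Local actions ("./path") and "docker://" images carry no "@ref" and are skipped.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*[\"']?([\w.-]+/[\w./-]+)@([\w./-]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_uses(workflow_text):
    """Return (action, ref) pairs whose ref is not a full commit SHA."""
    return [(action, ref) for action, ref in USES_RE.findall(workflow_text)
            if not FULL_SHA_RE.match(ref)]


def find_ioc_hits(log_lines):
    """Return (line_no, indicator) pairs for log lines mentioning an indicator."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        normalised = line.replace("[.]", ".").lower()  # accept defanged text too
        hits.extend((n, ioc) for ioc in INDICATORS if ioc in normalised)
    return hits


# Constructed sample workflow: one tag pin, one full-SHA pin, one branch pin.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/pinned-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/example-action@main
"""

# Constructed sample runner log lines (not real output).
SAMPLE_LOG = [
    "2026-03-19T10:02:11Z Run ./setup.sh",
    "2026-03-19T10:02:12Z connecting to checkmarx.zone",
    "2026-03-19T10:02:13Z uploaded tpcp.tar.gz (1.2 MB)",
    "2026-03-19T10:02:14Z Installing dependencies from pypi.org",
]

if __name__ == "__main__":
    print("unpinned:", find_unpinned_uses(SAMPLE_WORKFLOW))
    print("ioc hits:", find_ioc_hits(SAMPLE_LOG))
```

Run it over real `.github/workflows/*.yml` files and downloaded job logs; any hit warrants the credential rotation described in the first step.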

Checkmarx has stated that it is “not aware of any impact to customer data or production environments” as a result of this incident. However, organizations that downloaded specific artifacts from OpenVSX during a defined window may be at risk, and they are advised to follow their standard incident response procedures.

Conclusion

The recent compromise of Checkmarx’s GitHub Actions workflows by TeamPCP serves as a stark reminder of the vulnerabilities inherent in cloud-native development environments. As cybercriminals continue to evolve their tactics, organizations must remain vigilant and proactive in securing their supply chains. The implications of this incident extend beyond immediate threats, highlighting the need for robust security measures and ongoing monitoring of third-party dependencies.

For further insights into this evolving situation, refer to the reporting on The Hacker News.
