Checkmarx has disclosed that its source code, API keys, MongoDB and MySQL credentials, and other sensitive information exposed by the Lapsus$ hacking operation were obtained from a GitHub repository that was breached last month as part of a supply chain attack by the TeamPCP threat group, according to The Register.

Checkmarx has since secured access to the compromised GitHub repository. While the investigation into the nature and extent of the incident is still underway, Checkmarx has determined that TeamPCP's Mar. 16 compromise of Aqua Security's Trivy vulnerability scanner with credential-stealing malware enabled access to LiteLLM, Telnyx, and Checkmarx's own KICS infrastructure-as-code analysis tool, into which the same payload was injected on Mar. 23. The official checkmarx/kics Docker Hub repository was also seeded with poisoned images capable of exfiltrating data.

"Our investigation found evidence that the malware could generate an uncensored scan report, encrypt it, and send it to an external endpoint, creating a serious risk for teams using KICS to scan infrastructure-as-code files that may contain credentials or other sensitive configuration data," said Checkmarx researchers.