A threat actor is systematically targeting cloud credentials, SSH keys, authentication tokens, and other sensitive secrets stored in automated enterprise software build and deployment pipelines after compromising Trivy, the widely used cloud security scanning tool.
Trivy is an open source scanner that organizations use to identify vulnerabilities in container images, code repositories, and infrastructure configurations. Many organizations have embedded Trivy deep into their automated CI/CD software development pipelines, making it a high-value target for attackers. Aqua Security, the primary maintainer of the scanner, sells a separate commercial version of Trivy, which, according to the company, does not appear to have been affected by the supply chain attack.
Multistage Supply Chain Attack
The compromise began in February, when the attacker exploited a misconfiguration in Trivy's GitHub Action component to steal a privileged access token. The attacker then used the token to infiltrate Trivy's repository automation and release environment.
The Trivy team discovered and disclosed that initial intrusion on March 1. They rotated credentials at the time, but the rotation was not as comprehensive as they believed, because the attacker managed to retain access to the environment and also capture the newly rotated secrets.
On March 19, the attacker used those credentials to force-push malicious code to 76 of the 77 previously released versions of trivy-action, the GitHub Action that organizations use to run Trivy scans inside their automated CI/CD pipelines. A CI/CD pipeline that referenced any of those versions would have pulled down and unknowingly executed the malicious code instead of the legitimate original.
The attacker similarly poisoned all seven versions in the setup-trivy repository used to set up the scanner. In addition, the threat actor exploited a compromised automated service account called aqua-bot to publish a malicious version of Trivy, v0.69.4, and to manipulate its GitHub Action tags.
"Rather than introducing a new, clearly malicious version, the attackers used a more refined approach," Aqua Security said in a blog post on March 22. "By modifying existing version tags associated with trivy-action, they injected malicious code into workflows that organizations were already running."
Because many automated CI/CD pipelines rely solely on version labels without verifying that the code has not changed since they first started using it, they continued running as usual without detecting the tampering, Aqua said.
In a March 23 update, Aqua disclosed that the threat actor had exploited the compromised automated service account (aqua-bot) to also publish two compromised Docker images, v0.69.5 and v0.69.6, effectively spreading malware through Trivy's trusted release pipeline.
Credential Stealing Payload
The Trivy security team and Aqua described the payload itself as a credential-harvesting infostealer that scans more than 50 filesystem locations for SSH keys, cloud provider credentials for AWS, Google Cloud, and Azure, Kubernetes authentication tokens, Docker configuration files, environment variable files, database credentials, and cryptocurrency wallets.
Their analysis showed the malware using AES-256-CBC with RSA-4096 hybrid encryption to encrypt and transmit stolen data to attacker-controlled infrastructure. In cases where such exfiltration is not possible, the malware creates a public GitHub repository on the victim's account (named public tpcp-docs) and uploads the data there, Trivy and Aqua said.
"This combination of credential compromise, abuse of trusted release channels, and silent execution inside CI/CD pipelines is a clear example of a modern software supply chain attack," Aqua said. "Rather than targeting a single organization, the attackers leveraged widely trusted tooling to reach downstream users at scale."
What makes the attack particularly troubling is that it affects a security tool that many organizations rely on and implicitly trust to detect vulnerabilities and to protect them against attacks. It is the second recent incident involving either a security tool or a security vendor. Earlier this month, Outpost24 reported an incident in which someone tried to steal credentials from a C-level executive at the company using a sophisticated seven-stage phishing chain.
Though that particular attack failed, that incident and now the one involving Trivy are evidence of growing attacker interest in targeting vendors and products that most companies implicitly trust and to which they grant near-unfettered access to their environments.
Aqua and Trivy urged organizations that used any affected version of Trivy, trivy-action, or setup-trivy during the exposure windows to treat all secrets accessible to those pipelines as compromised and to rotate them immediately. Aqua recommended that affected organizations audit their Trivy versions to determine whether they might have pulled or executed the weaponized Trivy v0.69.4 release from any source, and to remove it immediately.
The company also urged a review of all workflows using aquasecurity/trivy-action or aquasecurity/setup-trivy for indicators of compromise. Aqua's blog post specified other actions that organizations need to take to mitigate risk from the supply chain attack.
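The article makes two points a defender can act on directly: pipelines that reference an action by a mutable tag rather than a full commit SHA cannot tell when that tag has been moved, and every workflow using aquasecurity/trivy-action or aquasecurity/setup-trivy should be reviewed. The script below is an added example, not code from Aqua, the Trivy project, or the article: it scans a GitHub Actions workflow for references to those two actions, reports which ones are not pinned to a 40-character commit SHA, and flags references to the Trivy image tags named in the report (0.69.4, 0.69.5, 0.69.6). The list of 76 poisoned trivy-action tags is not given on the page, so the script treats any non-SHA reference as needing review rather than trying to enumerate bad tags. The sample workflow text, its version strings, and the placeholder SHA are constructed for the example.

```python
import re

# Constructed sample workflow (not from the page): a pinned reference, two
# floating tag references, and an image reference to one of the named releases.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: aquasecurity/trivy:0.69.4
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
"""

# Actions the report says were tampered with; any workflow using them should be reviewed.
WATCHED_ACTIONS = ("aquasecurity/trivy-action", "aquasecurity/setup-trivy")
# Trivy release tags the report names as malicious.
WATCHED_IMAGE_TAGS = ("0.69.4", "0.69.5", "0.69.6")

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
IMAGE_RE = re.compile(r"aquasecurity/trivy:v?(\d+\.\d+\.\d+)")


def audit_workflow(text: str) -> list[dict]:
    """Return one finding per watched action reference or flagged image tag.

    kind is 'unpinned-action' (tag or branch reference, can be moved by whoever
    controls the repository), 'pinned-action' (full commit SHA, immutable), or
    'flagged-image' (one of the Trivy release tags named in the report).
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            repo, _, version = ref.partition("@")
            if repo in WATCHED_ACTIONS:
                pinned = bool(FULL_SHA.match(version))
                findings.append({
                    "line": lineno,
                    "kind": "pinned-action" if pinned else "unpinned-action",
                    "ref": ref,
                })
        for im in IMAGE_RE.finditer(line):
            if im.group(1) in WATCHED_IMAGE_TAGS:
                findings.append({"line": lineno, "kind": "flagged-image", "ref": im.group(0)})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings by kind so a CI gate can fail on the interesting ones."""
    counts = {"unpinned-action": 0, "pinned-action": 0, "flagged-image": 0}
    for f in findings:
        counts[f["kind"]] += 1
    return counts


if __name__ == "__main__":
    results = audit_workflow(SAMPLE_WORKFLOW)
    for f in results:
        print(f"line {f['line']:>3}  {f['kind']:<16} {f['ref']}")
    print(summarize(results))
```

A SHA pin only helps if the SHA was taken from a commit you inspected before the tag was moved; re-pinning to whatever a tag currently resolves to after the fact would pin the tampered commit. Run the audit over every workflow file under `.github/workflows/` and treat any unpinned or flagged result as an input to the credential rotation the article describes, not as a substitute for it.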