I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens.PyPI was not compromised, and no PyPI packages were published by the attackers.
Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as GitHub secrets,modifying their workflows to send those tokens to external servers.While the attackers successfully exfiltrated some tokens, they do not appear to have used them on PyPI.
I’ve invalidated all affected tokens and notified the impacted project maintainers.If you’re one of them, I have emailed you from security@pypi.org.
You can read more about the details of the attack on GitGuardian’s blog.
On September 5th, a GitGuardian employee used the PyPI “Report as malware” buttonto submit their findings for a project named fastuuid – namely they found a malicious GitHub Actions workflow attempting to exfiltrate PyPI tokens to a remote server.No compromise on PyPI was found, tokens relating to the user accounts were invalidated,and I reached out to the project owners to notify and help secure the account and project.
Later on September 5th, another researcher from GitGuardian emailed PyPI Security directly about their current findings, effectively an expansion of the previous attack.Due to some of the contents in that email, it ended up in our inbound Spam folder,delaying response until September 10th when I became aware of the attack via other channels,and found the original email in the Spam folder.I may follow up with our support system provider to see about improving spam filtering rules.
After triaging the situation, I discovered another Indicator of Compromise (IoC) in the form of a URL,which I shared with GitGuardian to assist with their ongoing investigation.
Over the course of the following few days, I reviewed the findings from the researchers.I observed that many of the project maintainers responded to notifications from the researchers on their open source issue trackers,either reverting the changes to their actions workflows,or removing the affected workflows entirely from history via force-push of the repository.Many of the maintainers also proactively rotated their PyPI tokens.
After confirming that no PyPI accounts had been compromised,on September 15th I reached out to the maintainers of the affected projects to notify them of the situation,to let them know that their tokens had been invalidated,and recommend using Trusted Publishers with GitHub Actions to help protect their projects in the future.
If you use GitHub Actions to publish to PyPI, I recommend the following steps to protect your projects:
While Trusted Publisher tokens can still be exfiltrated,using Trusted Publishers significantly reduces the risk of compromise.
Thanks to Charles Brossollet, Guillaume Valadon, and Gaëtan Ferryof GitGuardian for their collaboration on this issue.
This investigation and incident response is made possible by the generosity of individuals and corporationssupporting critical security efforts to better secure the Python community,with thanks to Alpha-Omega.
Support these efforts and more here: https://www.python.org/sponsors/application/
We are pleased to announce the release of the new Expense Submission flow! 🎉We’ve done…
Digital signatures add another layer of security to your online transactions and communications. But how…
Unfortunately the string of phishing attacks using domain-confusionand legitimate-looking emails continues. This is the same…
Internet security is leveling up with MPIC. While your organization likely won’t need to do…
Sept. 10: Get actionable insights from 20+ global experts as they discuss PQC readiness assessments,…
SummaryPyPI now checks for expired domains to prevent domain resurrection attacks,a type of supply-chain attack…
This website uses cookies.