Feed
HighPublished 23 Mar 20262 packages · 0 versions

Checkmarx KICS GitHub Actions trojanised by TeamPCP

Summary

Between 12:58 and 16:50 UTC on 23 March 2026, TeamPCP hijacked 35 tags in the Checkmarx ast-github-action and kics-github-action repos to push a credential stealer, leveraging tokens stolen from the Trivy compromise. CI/CD pipelines using either Action during the window executed the stealer before the legitimate scan.

ci-cd-compromisecredential-theftmaintainer-takeoverinfostealer
Threat actor
TeamPCP
Detected by
Checkmarx · Microsoft Threat Intelligence
Also known as
TeamPCP Checkmarx cascade
Ecosystems
GitHub Actions
Packages tracked
2

What happened

Between 12:58 UTC and 16:50 UTC on 2026-03-23, TeamPCP hijacked 35 tags across the Checkmarx ast-github-action and kics-github-action repositories, force-pushing them to commits that prepended a credential stealer to the legitimate scan logic. Access was obtained using a maintainer GitHub PAT exfiltrated from the earlier 2026-03-19 Trivy compromise.

Stealer behaviour

The injected step runs before the real scan, dumps the runner environment, secrets.* mounted into the workflow, the GITHUB_TOKEN, OIDC tokens, AWS / GCP / Azure credentials, and any Kubernetes kubeconfig that happens to be on disk, then POSTs the package to audit.checkmarx.cx (an attacker-controlled domain that mimics Checkmarx infrastructure) with checkmarx.zone as a fallback. After exfil it calls the legitimate KICS scanner so the workflow appears to succeed.

Blast radius

Any CI run that referenced checkmarx/kics-github-action@main, @v2, @v2.1, or any other tag during the ~4 hour window executed the stealer. The Bitwarden CLI compromise on 2026-04-22 was a direct downstream consequence — TeamPCP used a PAT lifted from a Bitwarden engineer's pipeline run.

Response

Checkmarx rotated their signing keys, restored clean tags, and published a SHA pinning advisory on 2026-03-24. Microsoft's Trivy write-up of the same day folds Checkmarx into the broader TeamPCP cascade timeline.

Affected packages (2)

  • GitHub Actionscheckmarx/ast-github-action
  • GitHub Actionscheckmarx/kics-github-action

Impact

  • Any CI run using the affected Actions on @main during the window exfiltrated secrets
  • Cloud credentials, GitHub PATs, Kubernetes tokens harvested
  • Bitwarden CLI compromise (April 22) was a direct downstream consequence

What to do

  1. 1Pin kics-github-action to v2.1.20 or later; pin ast-github-action by commit SHA
  2. 2Rotate every secret exposed to KICS workflows between 23 March 12:58 UTC and 16:50 UTC
  3. 3Block egress to checkmarx.zone and audit.checkmarx.cx

References

github-actions-2026-03-23-checkmarx-kics