Key Takeaways
- The Checkmarx supply‑chain breach began with the Trivy attack on 23 March 2026, allowing threat actors to hijack GitHub Action tags.
- The intrusion is linked to the hacking group TeamPCP, which may have partnered with the extortion group Lapsus$ for monetization.
- Attackers poisoned multiple artefacts—OpenVSX plugins, GitHub Actions, a DockerHub KICS image, VS Code and Developer Assist extensions, and the Bitwarden CLI NPM package—to gain persistent access and exfiltrate data.
- Sensitive information stolen includes source code, employee databases, API keys, and MongoDB/MySQL credentials; a 96 GB archive of the data was later posted on Lapsus$’s Tor leak site.
- Checkmarx responded by removing malicious packages, rotating credentials, blocking outbound traffic, engaging Mandiant, notifying law enforcement, and launching a thorough code audit.
- As of the latest update, the company says unauthorized access has been fully contained and the investigation is in its final stages.
- The incident fits a wider trend of supply‑chain attacks affecting other major organizations, including Vimeo, Rituals, healthcare providers, and Medtronic.
Overview of the Supply Chain Compromise
Checkmarx confirmed that the breach affecting its open‑source KICS project originated from the Trivy supply‑chain attack discovered on 23 March 2026. The Trivy compromise allowed attackers to steal credentials that were then used to infiltrate Checkmarx’s GitHub environment. By hijacking dozens of GitHub Action version tags, the threat actors could reference malicious code without any visible changes to the tags themselves, making the poisoned workflows appear legitimate to automated CI/CD pipelines. This technique gave the attackers a foothold from which they could propagate malicious artefacts across multiple software ecosystems.
Attribution and Possible Collaboration Between Threat Actors
The activity has been attributed to the notorious hacking collective TeamPCP, known for targeting open‑source projects to harvest credentials and sensitive data. Around the same time as the Checkmarx incident, messages posted by TeamPCP and the extortion group Lapsus$ suggested a potential partnership aimed at monetizing stolen information through ransom or data‑sale schemes. Although no formal joint statement has been released, the timing and overlapping tactics indicate that the two groups may have collaborated, with TeamPCP handling the initial intrusion and Lapsus$ later leveraging the exfiltrated data for public leak and extortion purposes.
Timeline of the Attack and Data Exfiltration
The initial intrusion occurred on 23 March 2026, when compromised Trivy credentials granted access to Checkmarx’s GitHub repositories. Investigators later determined that data exfiltration took place on 30 March 2026, well before the attackers publicly announced their success. Over the weekend following the breach—approximately one month after the original compromise—Lapsus$ added Checkmarx to its Tor‑based leak site, claiming possession of source code, employee databases, API keys, and MongoDB and MySQL credentials. The claim was substantiated by the subsequent release of a 96 GB archive containing the alleged stolen material, confirming that the attackers had successfully moved from initial access to large‑scale data theft.
Mechanics of the Poisoned Artefacts
Once inside the GitHub environment, the attackers manipulated several components of Checkmarx’s software supply chain. They poisoned two OpenVSX plugins, which are used by developers to obtain extensions for the Visual Studio Code marketplace, and two GitHub Actions workflows that automate build and test processes. In addition, they pushed a malicious DockerHub image for the KICS tool, a compromised VS Code extension, and a tainted Developer Assist extension. The campaign also extended to the widely used Bitwarden command‑line interface (CLI) NPM package, inserting malicious code that could harvest credentials from developers’ local environments. By targeting these diverse distribution channels, the threat actors ensured that downstream users would inadvertently execute the malicious code during routine dependency updates or extension installations.
Impact of the Stolen Data
The exfiltrated dataset is extensive, encompassing Checkmarx’s proprietary source code, internal employee directories, API keys used for integration with third‑party services, and credentials for MongoDB and MySQL databases. The release of a 96 GB archive on Lapsus$’s leak site underscores the volume of information taken. Such data not only threatens Checkmarx’s intellectual property but also poses significant risks to its customers and partners, as exposed API keys and database credentials could be abused to gain unauthorized access to connected systems, potentially leading to further breaches, data manipulation, or service disruption.
Checkmarx’s Response and Remediation Efforts
Upon discovering the breach, Checkmarx took immediate steps to limit the damage. The company removed the malicious packages from its repositories, revoked and rotated all credentials that might have been compromised, and blocked outbound traffic to the attacker’s known infrastructure. Recognizing the sophistication of the attack, Checkmarx enlisted Mandiant to conduct a forensic investigation, notified relevant law‑enforcement agencies, and instituted a broader credential reset across its environment. Additional security hardening included tightening access controls to GitHub repositories, enhancing monitoring for anomalous activity, and launching a comprehensive code audit to ensure no残余’ malicious code remained in its software artefacts.
Current Investigation Status and Containment Assertion
Checkmarx indicates that it is now in the final phases of its investigation and believes that unauthorized access has been fully contained. The firm pledged to share further details as soon as verification is complete. While the company has not disclosed any ongoing residual risk, its statements suggest that the combination of credential rotation, infrastructure blocking, and third‑party forensic work has effectively expelled the threat actors from its networks. Continuous monitoring and improved supply‑chain security measures are expected to be maintained to prevent similar incidents in the future.
Broader Context of Supply‑Chain Threats
The Checkmarx incident aligns with a surge of supply‑chain attacks targeting prominent organizations in early 2026. Shortly after the Checkmarx disclosure, Vimeo confirmed a user and customer data breach, Luxury cosmetics giant Ekonomia Rituals reported a data breach, and several healthcare organizations in Illinois and Texas disclosed incidents affecting approximately 600,000 individuals. Additionally, Medtronic acknowledged a hack after the ShinyHunters group threatened to leak data. These events collectively illustrate how attackers are increasingly exploiting trusted software distribution channels to gain widespread access, highlighting the urgent need for industry‑wide improvements in code signing, dependency verification, and vigilant monitoring of third‑party components.