Investigators later found similar malicious workflows across at least five public repositories and an estimated ten private ones. The attack was highly adaptive, targeting environment-specific secrets ranging from container registry credentials to cloud provider keys.
“The attack pattern remained consistent across all projects. The attacker first enumerated secrets from legitimate workflow files, then hardcoded these secret names into malicious workflows,” researchers added in the blog. GhostAction exfiltrated thousands of sensitive tokens that could have been used for package tampering, unauthorized infrastructure access, or further supply chain compromises.
Threat contained within days
GitGuardian’s security team responded quickly after detection, and the FastUUID package was set to read-only by PyPI administrators within minutes. The malicious commit was reverted shortly afterward. GitGuardian notified maintainers of the affected repositories, successfully contacting 573 projects, while also alerting GitHub, npm, and PyPI security teams to monitor for abuse.
