The GitHub “TJ-Actions/Changer-Files” chain attack began as a highly assault on one of the open source Coinbase projects before turning into something wider in the sphere.
“The useful load was focused on using the public flow CI/CD one of its open source projects – Agentkit, probably for the use of it for further compromises,” Palo Alto Networks 42 division 42 – Note In the report. “However, the attacker was unable to use Coinbase’s secrets or to publish packages.”
A incident It was born on March 14, 2025, when it was established that “TJ-Actions/Change-Files” were compromised in an injection code that traced sensitive secrets from the storage process. It was assigned to CVE ID Cve-2025-30066 (CVSS assessment: 8.6).
According to Endor Labs, 218 GITHUB repositories have exposed their secrets from the supply attack, and most of the tinted information includes “several dozen” for DockerHub, NPM and Amazon Web Services (AWS), as well as GitHub Altain Access Tekens.
“The initial scale of the supply chain attack sounded scary, given that tens of thousands of repositories depend on the GitHub action – Note.
“However, drilling into workflows, their jogging and secrets show that the actual impact is less than expected:” only “218 storages are traced, and most of them-long github_tokens, which end after completion of the workflow.”
Since then, it turned out that the tag v1 of the other action GITHUB called “ReviewDog/Setup”, which “TJ-Actions/Change-Files” relies on the dependence using “TJ-Actions/Files, which change on ESLINT,” also compromised as a result of the incidents with an analysis. A Violation of “ReviewDog/Seatup” tracked as Cve-2025-30154 (CVSS assessment: 8.6).
It is said that the operation of the CVE-2025-30154 has allowed unknown actors threatening to gain personal access (PAT) associated with “TJ-Acting/Pugs”, which allows them to change the repository and push the harmful code, in turn, affecting each GITHUB repository that depended on the actions.
“When the tj-Actions/Eslint -ChanT-Files Action Was Executed, The TJ-Actions/Changed-Files Ci Runner’s Secrets Were Leaaked, Allowing the Attackers to Steal The Credentials Used In the Runner, Including A Personal Accse Tooken (Pat) Belonging to the TJ-Bot-Actions GitHub User Account, “Unit 42 Researchers Omer Gil, Aviad Hahami, Asi Greenholts, and said Jaron Avital.
Currently, it is suspected that the attacker has somehow accessed the marker with access to the recording to the Organization Reviewdog to make changes to rogue. Given this, at this stage, as this token can be purchased, remains unknown.
Also ,, as they say Request for pulling forks In the original repository and ultimately, the introduction of arbitrary accomplishments is a script called hanging.
“The attacker has taken considerable measures to conceal his tracks using different methods, such as the use of hanging, creating several temporary GITHUB users, as well as their embarrassed activities in the workflow magazines (especially in the original Coinbase attack), Gill, the senior head of the scientific research in Palo Alto Setwor. “These conclusions show that the attacker is highly qualified and deeply understands the CI/CD security threats and the attack tactics.”
Section 42 stated that the user account behind the fork Pull “ILRMKCU86TJWP8” was perhaps hidden from the public view after the attacker moved from the legal email address presented during the registration to a one -time (or anonymous) letter in violation of the GITHUB policy.
This can cause all interactions and actions performed by the user. However, when he addressed the comments, GitHub did not confirm or deny the hypothesis, but said he was actively revising the situation and takes measures as needed.
“Currently, there is no evidence that allows you to offer a compromise GITHUB or its system. Projects are allocated are open source projects,” said Github The Hacker News spokesman.
“GitHub continues to consider and take action on user -related repositors, including malicious programs and other malicious attacks, according to Eligible GitHub Policy. Users should always browse the GitHub actions or any other package they use in their code before they are updated to new versions. This remains true, as in all other cases of the third party code. “
A deeper search forks gitHub tj-actions/changer-files led to the detection of two other account “2ft2dko28uaztz” and “mmvojwip”, both of them were removed from the platform. Both accounts have been found to create forks related to Coinbase, such as Onchainkit, Agentkit and X402.
Further examination has disclosed What accounts changed the “Changelog.yml” file in Agentkit storage, using a fork request to indicate the malicious version of “TJ-Actions/Changes”, published earlier using PAT.
It is assumed that the attacker received a GitHub marker with a recording permit in the Agentkit-in turn, which contributed to the performance of GitHub-TJ-Actions/Changes-so to make unauthorized changes.
Another important aspect to be distinguished is the difference in useful loads used in both cases, which indicates the attempts of the attacker to remain under the radar.
“The attacker used different useful loads at different stages of the attack. For example, in a wide attack, the attacker threw the memory of the runner and printed secrets that are stored as a variable environment in the magazine magazine, no matter what work process works,” Gil said.
“However, focusing on Coinbase, the attacker specifically received github_toke and guaranteed that the useful load would only be performed if the repository belonged to Coinbase.”
Currently, it is unknown what was the final goal of the company is “strongly” suspected that the intention was financial profit, probably an attempt to carry out cryptocurrency theft, given the hyper-specific targeting Coinbase, Gil said. As of March 19, 2025, the exchange of cryptocurrencies redone the attack.
It is also unclear that it pushed the attacker to switch the broadcasts, turning into the fact that the initially oriented attack turned into a large -scale and less hidden company.
“One of the hypotheses is that after realizing that they could not use their token to poison the Coinbase-I repository, learning that Coinbase discovered and softened the attacker was afraid to lose access to TJ-action/altered fillets,” Gil said.
“As compromising this action can provide access to many other projects, they may have decided to act quickly. This could explain why they started a wide attack only 20 minutes after Coinbase mitigated the exposure at their end, despite the increased risk.”
