The Python Software Foundation (PyPI) was targeted in the GhostAction supply chain attack in early September 2023. Threat actors exploited malicious GitHub Actions workflows (e.g., FastUUID) to exfiltrate PyPI API tokens and other secrets (including npm, DockerHub, GitHub, Cloudflare, AWS, and database credentials) from over 570 repositories. While 3,300+ secrets were stolen across multiple ecosystems (Python, Rust, npm, JavaScript, Go), PyPI confirmed no evidence of token abuse to publish malware or compromise repositories. The attack leveraged stored GitHub secrets in workflows, sending them to attacker-controlled servers. Response delays occurred due to a spam-filtered alert from GitGuardian, postponing mitigation until September 10th. PyPI invalidated all affected tokens, urged maintainers to adopt short-lived Trusted Publishers tokens, and advised security reviews. Though no direct data breach or financial loss occurred, the incident exposed supply chain vulnerabilities, risking potential future exploits if unmitigated. The attack mirrored prior campaigns like s1ngularity (August 2023), highlighting persistent risks in open-source ecosystems.
TPRM report: https://www.rankiteo.com/company/thepsf
"id": "the3492634091825",
"linkid": "thepsf",
"type": "Cyber Attack",
"date": "8/2023",
"severity": "25",
"impact": "",
"explanation": "Attack without any consequences: Attack in which data is not compromised"{'affected_entities': [{'customers_affected': '570+ repositories (3,300+ '
'secrets compromised across '
'multiple ecosystems)',
'industry': 'software development',
'location': 'Global (HQ: Delaware, USA)',
'name': 'Python Software Foundation (PyPI)',
'type': 'non-profit organization'},
{'customers_affected': '570+ repositories (GitHub '
'Actions workflows)',
'industry': 'technology',
'location': 'Global (HQ: California, USA)',
'name': 'GitHub (Microsoft)',
'type': 'subsidiary'},
{'customers_affected': 'multiple npm packages (part of '
'3,300+ secrets)',
'industry': 'software development',
'location': 'Global',
'name': 'npm (GitHub)',
'type': 'package registry'},
{'customers_affected': 'entire SDK portfolios (Python, '
'Rust, JavaScript, Go)',
'industry': 'software development',
'location': 'Global',
'name': 'Multiple SDK providers',
'type': ['private companies', 'open-source projects']}],
'attack_vector': ['malicious GitHub Actions workflows',
'compromised secrets in repositories'],
'customer_advisories': ['Public recommendation to use Trusted Publishers '
'tokens',
'Security history review advisory'],
'data_breach': {'data_exfiltration': 'Yes (to external servers controlled by '
'attackers)',
'file_types_exposed': ['GitHub secrets',
'environment variables'],
'number_of_records_exposed': '3,300+ secrets',
'sensitivity_of_data': 'High (could enable supply chain '
'attacks, unauthorized package '
'publishing, or cloud infrastructure '
'access)',
'type_of_data_compromised': ['API tokens',
'access keys',
'credentials']},
'date_detected': '2023-09-05',
'date_publicly_disclosed': '2023-09-10',
'date_resolved': '2023-09-15',
'description': 'The Python Software Foundation (PSF) invalidated all PyPI '
'tokens stolen in the GhostAction supply chain attack in early '
'September 2023. The attack involved malicious GitHub Actions '
'workflows (e.g., FastUUID) exfiltrating PyPI tokens to a '
'remote server. While no evidence of PyPI account compromise '
'was found, over 3,300 secrets (including PyPI, npm, '
'DockerHub, GitHub, Cloudflare API tokens, AWS keys, and '
'database credentials) were stolen across multiple ecosystems '
'(Python, Rust, JavaScript, Go). GitGuardian reported the '
'issue on September 5th, but a delayed response (until '
'September 10th) occurred due to a spam-filtered email. PyPI '
'contacted affected maintainers on September 15th, '
'recommending the use of short-lived Trusted Publishers tokens '
'and security reviews.',
'impact': {'brand_reputation_impact': ['potential erosion of trust in '
'PyPI/GitHub security practices'],
'data_compromised': ['PyPI tokens',
'npm tokens',
'DockerHub tokens',
'GitHub tokens',
'Cloudflare API tokens',
'AWS access keys',
'database credentials'],
'operational_impact': ['token invalidation for 570+ repositories',
'security reviews required for affected '
'projects'],
'systems_affected': ['GitHub Actions workflows',
'PyPI package publishing infrastructure']},
'initial_access_broker': {'entry_point': 'Malicious GitHub Actions workflows '
'(e.g., FastUUID)',
'high_value_targets': ['PyPI tokens',
'npm tokens',
'cloud credentials']},
'investigation_status': 'Completed (no evidence of PyPI account compromise; '
'tokens invalidated)',
'lessons_learned': ['Spam filters can delay critical security communications; '
'ensure whitelisting for security reports.',
'Long-lived tokens in GitHub Actions pose significant '
'supply chain risks; short-lived tokens (e.g., Trusted '
'Publishers) mitigate this.',
'Cross-ecosystem attacks (Python, Rust, npm, etc.) '
'require coordinated disclosure among package registries.',
'Automated secret scanning (e.g., GitGuardian) is '
'essential for early detection.'],
'motivation': ['credential harvesting',
'potential future supply chain compromise'],
'post_incident_analysis': {'corrective_actions': ['Invalidated all '
'compromised PyPI tokens',
'Promoted adoption of '
'Trusted Publishers '
'(short-lived tokens)',
'Enhanced communication '
'channels for security '
'reports',
'Collaborated with '
'GitGuardian/GitHub for '
'broader ecosystem '
'notifications'],
'root_causes': ['Long-lived tokens stored in '
'GitHub secrets',
'Insufficient validation of GitHub '
'Actions workflow modifications',
'Delayed incident response due to '
'spam-filtered email',
'Lack of cross-ecosystem '
'coordination for supply chain '
'threats']},
'recommendations': ['Replace long-lived PyPI tokens with short-lived Trusted '
'Publishers tokens for GitHub Actions.',
'Regularly audit GitHub Actions workflows for '
'unauthorized modifications.',
"Store secrets securely (e.g., GitHub's native secrets "
'management) and avoid hardcoding in workflows.',
'Monitor security history logs for suspicious activity '
'(e.g., unexpected token usage).',
'Implement automated secret detection tools (e.g., '
'GitGuardian, GitHub Secret Scanning).',
'Coordinate with other package ecosystems (npm, Rust, '
'etc.) for cross-platform threat intelligence sharing.'],
'references': [{'source': 'GitGuardian Blog'},
{'source': "PyPI Admin Mike Fiedler's Statement"},
{'source': 'BleepingComputer (GhostAction coverage)'},
{'source': 'The Register (s1ngularity attack context)'}],
'response': {'communication_strategy': ['direct outreach to maintainers '
'(September 15)',
'public disclosure via '
'blog/statements'],
'containment_measures': ['invalidated all stolen PyPI tokens',
'contacted 570+ repository maintainers'],
'incident_response_plan_activated': '2023-09-10 (delayed due to '
'spam-filtered email)',
'recovery_measures': ['reverted malicious GitHub Actions '
'workflows',
'removed affected workflows in some cases'],
'remediation_measures': ['recommended replacement of long-lived '
'tokens with short-lived Trusted '
'Publishers tokens',
'security history reviews for '
'suspicious activity'],
'third_party_assistance': ['GitGuardian (initial detection and '
'reporting)']},
'stakeholder_advisories': ['PyPI maintainers notified on September 15',
'GitHub/npm security teams alerted by GitGuardian'],
'title': 'GhostAction Supply Chain Attack on PyPI Tokens',
'type': ['supply chain attack', 'credential theft', 'token exfiltration'],
'vulnerability_exploited': 'Improperly secured GitHub secrets (long-lived '
'PyPI tokens stored in workflows)'}