Inside the GhostAction Attack: 3,325 Exposed Secrets from Compromised GitHub Workflows

Read full article here: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/?utm_source=nhimg

On September 5, 2025, GitGuardian discovered GhostAction, a wide-scale supply chain campaign targeting GitHub repositories. The attack compromised 327 users across 817 repositories, exfiltrating 3,325 secrets — including PyPI, npm, DockerHub, AWS, and database credentials — through malicious GitHub Actions workflows.

Initial Discovery & Attack Methodology

• Entry Point: First detected in the FastUUID repository, where a malicious commit titled “Add GitHub Actions Security workflow” introduced a backdoored GitHub Actions workflow.
• Malicious Payload: The workflow exfiltrated environment secrets (e.g., PYPI_API_TOKEN) via HTTP POST to an attacker-controlled endpoint (hxxps://bold-dhawan.45-139-104-115.plesk.page).
• Execution: Triggered automatically on push and workflow_dispatch events, enabling attackers to silently harvest secrets during normal CI/CD runs.
• Rapid Containment: Maintainer reverted malicious commit within hours; PyPI locked project to read-only status by 12:11 PM on Sept 5.

Campaign Scale & Impact

• Scope: Hundreds of identical malicious commits found across public and private repos.
• Secrets Stolen: 3,325 total, including:
  • DockerHub, GitHub, npm tokens
  • PyPI credentials
  • Cloudflare API tokens
  • AWS access keys & database creds
• At-Risk Ecosystems: 9 npm packages and 15 PyPI packages identified as high-risk for potential compromise.
• Ongoing Exploitation: Early incident response confirmed attackers were actively using stolen secrets for follow-on attacks.

 Attacker Tactics

1. Reconnaissance: Enumerated secret names from legitimate workflow files.
2. Weaponization: Hardcoded secrets into malicious .github/workflows/github_actions_security.yml.
3. Exfiltration: Sent data to attacker infrastructure hosted on 493networking.cc.
4. Persistence: Targeted multiple repositories per user, spreading across SDK portfolios and multi-language ecosystems.

Key Indicators of Compromise (IOCs)

 Mitigation & Recommendations

• Immediate Actions:
  • Search your repos for suspicious workflows named Github Actions Security.
  • Rotate all potentially exposed tokens, including CI/CD secrets, PyPI, npm, and DockerHub credentials.
  • Invalidate compromised GitHub personal access tokens.
• Hardening Measures:
  • Enforce least privilege for CI/CD secrets — avoid broad-scoped tokens.
  • Enable GitHub secret scanning alerts and configure push protection.
  • Monitor workflow changes using GitHub’s branch protection rules and CODEOWNERS reviews.
  • Use OIDC-based short-lived credentials for deployments instead of long-lived tokens.

The Bottom Line

GhostAction demonstrates that malicious workflows are now a primary supply chain attack vector. Automated secrets exfiltration at CI/CD runtime can compromise entire software portfolios in hours. Enterprises must adopt continuous secret scanning, least privilege enforcement, and CI/CD workflow integrity monitoring to stay ahead of attackers.