Black Hat USA 2025 | Uncovering and Responding to the Tj-Actions Supply Chain Breach

Black Hat | Apr 1, 2026

Why It Matters

The breach demonstrates that a single compromised third‑party action can leak thousands of cloud credentials across the software supply chain, forcing enterprises to rethink dependency management and implement continuous security monitoring for CI/CD environments.

Key Takeaways

  • tj-actions/changed-files action compromised via malicious tag updates
  • Attack exfiltrated CI/CD secrets by dumping runner memory
  • Double Base64 encoding bypassed GitHub secret masking in logs
  • Over 23,000 repos, including major firms, were affected instantly
  • Baseline network monitoring detected an anomalous outbound call, enabling rapid response

Summary

The presentation detailed a supply-chain breach that hit the popular tj-actions/changed-files GitHub Action. On March 14, an automated alert flagged an unexpected outbound request, leading the StepSecurity team to discover that the action's release tags had been repointed to a malicious commit hosted in a fork – an "impostor commit" that allowed the attacker to execute arbitrary code in any pipeline referencing the tag.

The malicious payload downloaded a script (memdump.py) from a public gist, dumped the memory of the runner.worker process, extracted CI/CD secrets, and re‑encoded them with double Base64 so they would appear unmasked in build logs. This technique bypassed GitHub’s secret‑masking safeguards and exposed AWS keys, GitHub tokens, and database passwords to anyone monitoring the logs.
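
For defenders hunting through build logs for this pattern, the following added example (not code from the talk or from StepSecurity) scans log text for tokens that decode twice as Base64 to printable text. The function names, the sample log and the fake secret are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold a twice-encoded secret.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def _b64(data: bytes):
    """Strictly decode one base64 layer; return None if it is not valid base64."""
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_double_b64(log_text: str):
    """Return (line_number, decoded_text) for every token that decodes twice
    to printable text, the shape that slips past literal secret masking."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in B64_TOKEN.finditer(line):
            inner = _b64(match.group().encode())
            plain = _b64(inner) if inner else None
            if not plain:
                continue
            try:
                text = plain.decode("utf-8")
            except UnicodeDecodeError:
                continue
            if text.isprintable():
                hits.append((lineno, text))
    return hits


# Constructed sample: a fake secret and a fake build log, not data from the incident.
FAKE_SECRET = 'DEPLOY_TOKEN="example-not-a-real-token-0001"'
BLOB = base64.b64encode(base64.b64encode(FAKE_SECRET.encode())).decode()
SAMPLE_LOG = "\n".join([
    "2025-03-14T20:01:00Z ##[group]Run some-org/some-action@v1",
    "2025-03-14T20:01:02Z commit 0123456789abcdef0123456789abcdef01234567",
    "2025-03-14T20:01:03Z " + BLOB,
    "2025-03-14T20:01:04Z ##[endgroup]",
])

if __name__ == "__main__":
    for lineno, text in find_double_b64(SAMPLE_LOG):
        print(f"line {lineno}: double-base64 blob decodes to {text!r}")
```

Any hit should be treated as a potentially exposed credential: identify which secret it corresponds to and rotate it, since the log may already have been read.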

Varun Sharma and Ashish Kurmi highlighted that the compromised action was used in more than 23,000 public repositories, including GitHub, Hugging Face, HashiCorp, Meta, and Microsoft, and countless private repos. A high-severity CVE was published the next day, and CISA issued a national-security advisory urging immediate remediation.

The incident underscores the fragility of mutable tag references in open‑source CI/CD components and the necessity of baseline network‑traffic monitoring. Organizations must adopt immutable versioning, enforce strict provenance checks, and deploy runtime EDR solutions for CI/CD pipelines to detect anomalous behavior before credentials are harvested.

Original Description

When 'Changed Files' Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach
What began as a routine CI/CD run quickly uncovered a disturbing reality: the popular tj-actions/changed-files GitHub Action, used by 23,000+ repositories including those from NVIDIA, Meta, Microsoft and other tech giants, had been weaponized to exfiltrate secrets. This presentation dissects how one of the most consequential supply chain attacks of 2025 unfolded and was ultimately contained.
On March 14, 2025, at 1:01 PM PT, we detected an anomalous outbound network connection to gist.githubusercontent.com from a pipeline run. This single alert led to the discovery that attackers had redirected all tags of the tj-actions/changed-files GitHub Action to point to a single malicious commit. The compromised action dumped CI/CD credentials from memory and exposed them directly in build logs – requiring no additional exfiltration channels.
We'll demonstrate how the attackers leveraged a previous compromise of the reviewdog GitHub Action to gain access to tj-actions, showcasing an emerging pattern of "chained" supply chain attacks. We will share actionable logic and methodologies to detect future CI/CD supply chain attacks by flagging deviations from established patterns of normal network activity - techniques that succeeded where traditional signature-based security failed against this sophisticated breach.
The presentation examines the real-world challenges faced by affected organizations: from identifying instances of the compromised action across their codebases, hunting for exposed credentials in build logs, determining which secrets required rotation, and implementing alternatives after the original action was temporarily removed. Through a live demonstration, attendees will witness both the attack mechanics and how organizations navigated these complex recovery scenarios with limited tooling and information.
Security professionals and developers will leave with concrete strategies to identify and mitigate similar supply chain compromises in their own CI/CD environments, where traditional indicators of compromise are deliberately minimized and trusted tools are weaponized against their users.
By:
Varun Sharma | CEO, StepSecurity
Ashish Kurmi | CTO, StepSecurity
