Malicious Trivy images on Docker Hub linked to a supply chain attack led researchers to uncover an intrusion that compromised Aqua Security’s internal GitHub organisation. According to OpenSourceMalware, TeamPCP defaced all 44 repositories in Aqua Security’s internal aquasec-com org within minutes, renaming repos and updating their descriptions after stealing a service account token.
The breach was automated, using scripted API calls to perform the defacements in about two minutes, while much of the activity remained invisible in standard logs. Investigators traced the compromise to a service account, Argon-DevOps-Mgt, which had admin access across multiple organisations; hours before the attack, the token was tested by briefly creating and deleting a branch to confirm write access.
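Detection logic for the two patterns described above (a quick branch create-then-delete probe by a service account, followed by a burst of repository renames from a single actor), as an added example that is not from the article or from Aqua Security. The event shape, the `branch.*`/`repo.rename` action names and every name other than aquasec-com and Argon-DevOps-Mgt are constructed placeholders, not GitHub's real audit-log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a generic audit-log shape (NOT GitHub's real
# audit-log schema): (timestamp, actor, action, repo, branch_or_None).
# Names other than aquasec-com and Argon-DevOps-Mgt are placeholders.
def build_sample_events():
    t0, svc = datetime(2025, 1, 1, 3, 0, 0), "Argon-DevOps-Mgt"
    events = [
        # write-access probe: create a branch, delete it seconds later
        (t0, svc, "branch.create", "aquasec-com/repo-a", "probe"),
        (t0 + timedelta(seconds=20), svc, "branch.delete", "aquasec-com/repo-a", "probe"),
        # ordinary human activity that must not alert
        (t0 + timedelta(hours=2), "alice", "repo.rename", "aquasec-com/repo-b", None),
    ]
    start = t0 + timedelta(hours=6)  # defacement: 44 renames in ~2 minutes
    for i in range(44):
        events.append((start + timedelta(seconds=2.5 * i), svc, "repo.rename",
                       f"aquasec-com/repo-{i:02d}", None))
    return sorted(events)

def find_rename_bursts(events, window=timedelta(minutes=5), threshold=10):
    """(actor, max count) for actors with >= threshold renames in any window."""
    per_actor = defaultdict(list)
    for ts, actor, action, _repo, _branch in events:
        if action == "repo.rename":
            per_actor[actor].append(ts)
    hits = []
    for actor, times in per_actor.items():
        lo = best = 0
        for hi, ts in enumerate(times):       # sliding window over sorted times
            while ts - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits.append((actor, best))
    return hits

def find_probe_cycles(events, max_gap=timedelta(minutes=10)):
    """(actor, repo, branch) where one actor created and then deleted the
    same branch within max_gap: the 'does this token work?' test."""
    created, hits = {}, []
    for ts, actor, action, repo, branch in events:
        key = (actor, repo, branch)
        if action == "branch.create":
            created[key] = ts
        elif action == "branch.delete" and key in created:
            if ts - created.pop(key) <= max_gap:
                hits.append(key)
    return hits
```

The probe check fires hours before the rename burst, which is the window in which revoking the token would have prevented the defacement.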
The chain of events began with TeamPCP compromising Trivy GitHub Actions to steal credentials, then mapping repositories before launching the main attack. TeamPCP, also known as DeadCatx3, PCPcat, ShellForce and CanisterWorm, is linked to Docker API and Kubernetes exploitation and supply chain attacks.