Supply-Chain Attack Targets Security Firms Checkmarx, Bitwarden

Original: Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Why This Matters

Shows that security firms are themselves vulnerable to supply-chain attacks that target development tools.

TeamPCP hackers compromised the Trivy vulnerability scanner on March 19, leading to malware being distributed to security firms Checkmarx and Bitwarden. The attack resulted in credential theft and a subsequent ransomware breach.

A supply-chain attack beginning March 19 compromised the Trivy vulnerability scanner's GitHub account, distributing malware that harvested repository tokens and SSH keys from victims including Checkmarx and Bitwarden. Checkmarx suffered multiple breaches over 40 days, with its GitHub account pushing malware to users on March 23 and again on April 22. The company's Docker Hub repository was also compromised. On Monday, Checkmarx disclosed that ransomware group Lapsu$ dumped private data from March 30, indicating that the attackers maintained access despite remediation efforts. Bitwarden experienced a brief compromise on April 22, distributing malicious packages through npm for 1.5 hours. The attacks were attributed to TeamPCP, an access-broker group that targets privileged tools and sells credentials to other hackers.

Source

arstechnica.com