Supply-chain attack targets security firms Checkmarx and Bitwarden
Original: Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Why This Matters
Demonstrates cascading effects of supply-chain attacks on security industry infrastructure
Security firms Checkmarx and Bitwarden fell victim to supply-chain attacks originating from TeamPCP's breach of the Trivy vulnerability scanner. The attacks compromised GitHub accounts, delivered malware to customers, and ended with the ransomware group Lapsus$ dumping Checkmarx private data dated March 30.
Over 40 days starting March 19, Checkmarx suffered a chain of security incidents that began with TeamPCP's supply-chain attack on the Trivy vulnerability scanner. The attackers took over Trivy's GitHub account and pushed malware that harvested repository tokens and SSH keys from Trivy's users, Checkmarx among them. Four days later, Checkmarx's own GitHub account was compromised and used to distribute malware to its customers. Despite remediation efforts, a second wave of malware appeared on April 22, suggesting that containment of the initial breach was incomplete. The ransomware group Lapsus$ subsequently dumped Checkmarx private data, dated March 30, on the dark web.

Bitwarden was hit by the same campaign: Socket researchers linked both breaches to identical command-and-control infrastructure. TeamPCP operates as an access broker, selling stolen credentials to other cybercriminals, including Lapsus$, a teenage-run ransomware group known for high-profile breaches and public taunting.
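The mechanism above is a publisher's GitHub account being used to push malware to everyone who consumed the project by a mutable reference, and the malware then stealing the tokens and keys that let it hop to the next victim. The first check a practitioner wants after news like this is an inventory of which CI workflows pull third-party code by mutable tag or branch rather than by immutable commit SHA. The script below is an added example, not code from the article or from any of the companies named in it. It assumes the Trivy GitHub Action is published under the aquasecurity org (the article does not say which artifact carried the malware); the sample workflow, the watchlist and the 40-character SHA in it are constructed for illustration.

```python
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed sample workflow (not from the article). It exercises every
# reference style the auditor distinguishes: a SHA-pinned action, a branch
# ref, a mutable version tag, a local action, and an unpinned container image.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # constructed SHA
      - uses: aquasecurity/trivy-action@master
      - uses: "aquasecurity/trivy-action@v1"
        with:
          scan-type: fs
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
      - run: echo done
"""

# Assumption: Trivy's action is published under the aquasecurity org, so that
# org goes on the watchlist of publishers whose references deserve manual review
# even when pinned (a pin to a commit made after the takeover is still bad).
WATCHLIST = {"aquasecurity"}

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(text: str) -> List[str]:
    """Return every `uses:` target in a workflow file, in file order."""
    targets = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m:
            targets.append(m.group(1))
    return targets


def classify(target: str) -> Dict[str, object]:
    """Describe one `uses:` target: which kind of reference it is and whether
    it is immutable (a full commit SHA, or an image digest for docker://)."""
    if target.startswith("./"):
        return {"target": target, "kind": "local", "pinned": True, "owner": None}
    if target.startswith("docker://"):
        return {"target": target, "kind": "docker",
                "pinned": "@sha256:" in target, "owner": None}
    name, sep, ref = target.partition("@")
    owner = name.split("/")[0]
    if not sep:
        return {"target": target, "kind": "unversioned", "pinned": False, "owner": owner}
    pinned = SHA_RE.match(ref) is not None
    return {"target": target, "kind": "sha" if pinned else "mutable",
            "pinned": pinned, "owner": owner}


def audit(text: str, watchlist: Iterable[str] = WATCHLIST) -> List[Dict[str, object]]:
    """Classify every action reference in one workflow and flag watchlisted publishers."""
    watch = set(watchlist)
    findings = []
    for target in parse_uses(text):
        info = classify(target)
        info["watchlisted"] = info["owner"] in watch
        findings.append(info)
    return findings


def unpinned(findings: List[Dict[str, object]]) -> List[str]:
    """Targets that would silently pick up a malicious re-tag or branch push."""
    return [str(f["target"]) for f in findings if not f["pinned"]]


def audit_tree(root: str) -> Dict[str, List[Dict[str, object]]]:
    """Audit every workflow under <root>/.github/workflows (real repos)."""
    results = {}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        results[str(path)] = audit(path.read_text())
    return results


if __name__ == "__main__":
    for f in audit(SAMPLE_WORKFLOW):
        status = "ok " if f["pinned"] else "FIX"
        note = " (watchlisted publisher)" if f["watchlisted"] else ""
        print(f"{status} {f['kind']:<11} {f['target']}{note}")
```

Pinning to a commit SHA closes the mutable-reference hole but not the other half of this story: if the harvested tokens and SSH keys are not rotated, the attacker can push again regardless of how consumers reference the code, which is consistent with the second wave the article describes.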