Checkmarx KICS GitHub Actions trojanised by TeamPCP
Between 12:58 and 16:50 UTC on 23 March 2026, TeamPCP hijacked 35 tags in the Checkmarx ast-github-action and kics-github-action repos to push a credential stealer, leveraging tokens stolen from the Trivy compromise. CI/CD pipelines using either Action during the window executed the stealer before the legitimate scan.
- Threat actor
- TeamPCP
- Detected by
- Checkmarx · Microsoft Threat Intelligence
- Also known as
- TeamPCP Checkmarx cascade
- Ecosystems
- GitHub Actions
- Packages tracked
- 2
What happened
Between 12:58 UTC and 16:50 UTC on 2026-03-23, TeamPCP hijacked 35 tags across the Checkmarx ast-github-action and kics-github-action repositories, force-pushing them to commits that prepended a credential stealer to the legitimate scan logic. Access was obtained using a maintainer GitHub PAT exfiltrated from the earlier 2026-03-19 Trivy compromise.
Stealer behaviour
The injected step runs before the real scan, dumps the runner environment, secrets.* mounted into the workflow, the GITHUB_TOKEN, OIDC tokens, AWS / GCP / Azure credentials, and any Kubernetes kubeconfig that happens to be on disk, then POSTs the package to audit.checkmarx.cx (an attacker-controlled domain that mimics Checkmarx infrastructure) with checkmarx.zone as a fallback. After exfil it calls the legitimate KICS scanner so the workflow appears to succeed.
Blast radius
Any CI run that referenced checkmarx/kics-github-action@main, @v2, @v2.1, or any other tag during the ~4 hour window executed the stealer. The Bitwarden CLI compromise on 2026-04-22 was a direct downstream consequence — TeamPCP used a PAT lifted from a Bitwarden engineer's pipeline run.
Response
Checkmarx rotated their signing keys, restored clean tags, and published a SHA pinning advisory on 2026-03-24. Microsoft's Trivy write-up of the same day folds Checkmarx into the broader TeamPCP cascade timeline.
Affected packages (2)
- GitHub Actions
checkmarx/ast-github-action - GitHub Actions
checkmarx/kics-github-action
Impact
- Any CI run using the affected Actions on @main during the window exfiltrated secrets
- Cloud credentials, GitHub PATs, Kubernetes tokens harvested
- Bitwarden CLI compromise (April 22) was a direct downstream consequence
What to do
- 1Pin
kics-github-actiontov2.1.20or later; pinast-github-actionby commit SHA - 2Rotate every secret exposed to KICS workflows between 23 March
12:58 UTCand16:50 UTC - 3Block egress to
checkmarx.zoneandaudit.checkmarx.cx