A major cybersecurity incident involving the widely used Trivy vulnerability scanner has expanded significantly, with malicious components spreading across Docker environments and cloud-native infrastructures.
Security researchers have confirmed that compromised versions of Trivy were distributed via Docker Hub, exposing developers and organizations to serious threats. This incident highlights the growing impact of software supply chain attacks on modern development ecosystems.
Malicious Docker Images Identified and Removed
Investigations reveal that version 0.69.3 was the last clean release of Trivy available on Docker Hub. Subsequent versions, specifically 0.69.4, 0.69.5, and 0.69.6, were found to contain malicious code and have since been taken down.
These suspicious releases appeared on March 22 without any official corresponding updates on GitHub, raising immediate red flags. Security experts discovered that these images contained indicators linked to the TeamPCP infostealer, a tool previously observed in earlier stages of the attack campaign.
Compromised Credentials Enabled Supply Chain Breach
The root cause of the incident has been traced back to a supply chain compromise involving stolen credentials. Attackers used these credentials to inject malicious code into altered versions of Trivy, as well as related GitHub Actions used in CI/CD pipelines.
By exploiting trusted development tools, threat actors were able to distribute credential-stealing malware at scale, impacting numerous downstream environments.
Worm Propagation Through npm Packages
The attack did not stop at Docker. Using stolen data, the attackers further compromised multiple npm packages, distributing a self-propagating worm known as CanisterWorm.
This worm is capable of spreading automatically across systems, increasing the overall damage and expanding the reach of the attack.
GitHub Organization Defacement and Data Exposure
In a separate but related development, attackers targeted internal repositories belonging to Aqua Security. Reports indicate that 44 repositories were altered in a rapid automated operation lasting approximately two minutes.
The attackers renamed repositories, modified descriptions, and made them publicly accessible. This exposed sensitive internal assets, including proprietary codebases, CI/CD pipelines, Kubernetes operators, and internal documentation.
Service Account Compromise Behind the Attack
Forensic analysis suggests that a compromised service account played a key role in the breach. This account had access to multiple GitHub organizations, allowing attackers to gain administrative control across environments.
Security experts believe that a previously stolen access token enabled attackers to bridge different systems and execute coordinated attacks efficiently.
Advanced Threat Capabilities Expand Attack Scope
The threat actor behind this campaign, identified as TeamPCP, has demonstrated increasingly advanced techniques. Their operations now include:
- Exploiting exposed Docker APIs
- Targeting Kubernetes clusters
- Accessing cloud dashboards and Redis servers
- Conducting data theft, ransomware deployment, and cryptocurrency mining
One of the most concerning developments is the introduction of a destructive wiper malware.
Kubernetes Wiper Targets Infrastructure
A newly identified payload goes beyond traditional attacks by actively destroying systems. The malware spreads using stolen SSH keys and scans networks for exposed Docker services.
In Kubernetes environments, it deploys privileged workloads across nodes. Certain systems are completely wiped and forcefully rebooted, while others are infected with persistent backdoors.
In some cases, destructive commands are executed to erase entire systems, indicating a highly aggressive attack strategy.
Urgent Mitigation Measures Recommended
Given the severity and ongoing nature of this campaign, organizations are strongly advised to take immediate action:
- Avoid using affected Trivy versions (0.69.4 to 0.69.6)
- Audit CI/CD pipelines for suspicious activity
- Rotate credentials and access tokens
- Monitor infrastructure for unauthorized changes or access
- Secure Docker APIs and Kubernetes clusters from public exposure
This incident underscores the long-term risks associated with supply chain compromises and highlights the importance of securing development tools and environments.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
