SAN FRANCISCO — Mandiant is responding to a major, ongoing supply-chain attack involving the compromise of Trivy, a widely used open-source tool from Aqua Security that’s designed to find vulnerabilities and misconfigurations in code repositories.
The fallout from the attack spree, which was first detected March 19, is extensive and poses substantial risk for follow-on compromises and threatening extortion attempts.
“We know over 1,000 impacted SaaS environments right now that are actively dealing with this particular threat campaign,” Charles Carmakal, chief technology officer at Mandiant Consulting said during a threat briefing held in conjunction with the RSAC 2026 Conference. “That thousand-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000.”
Attackers stole a privileged access token and established a foothold in Trivy’s repository automation process by exploiting a misconfiguration in the tool’s GitHub Actions environment in late February, Aqua Security said in a blog post.
On March 1, the company tried to block an ongoing breach by changing its credentials. They later realized the attempt failed, which allowed the attacker to stay in the system using valid logins. Attackers published malicious releases of Trivy on March 19.
“While this activity initially appeared to be an isolated event, it was the result of a broader, multi-stage supply-chain attack that began weeks earlier,” Aqua Security said in the blog post.
By compromising the tool, attackers gained access to secrets for many organizations, Carmakal said. “There will likely be many other software packages, supply-chain attacks and a variety of other compromises as a result of what’s playing out right now.”
Mandiant expects widespread breach disclosures, follow-on attacks and a variety of downstream impacts to play out over the next several months.
The attackers, which the incident response firm has yet to name, are collaborating with multiple threat groups mostly based in the United States, Canada and United Kingdom. These cybercriminals “are known for being exceptionally aggressive with their extortion,” Carmakal said. “They’re very loud, they’re very aggressive.”
Mandiant is still working to identify the root of the initial attack. “We can’t quite tell how those credentials were stolen, because it is our belief that those credentials were not stolen from that victim’s environment,” Carmakal said.
The credentials were likely stolen from another cloud environment, a business process outsourcer, partner or the personal computer of an engineer, he added.
Aqua said Sygnia, which is investigating the attack and assisting in remediation efforts, identified additional suspicious activity Sunday involving unauthorized changes and repository changes — activity that is consistent with the attacker’s previously observed behavior.
“This development suggests that the incident is part of an ongoing and evolving attack, with the threat actor reestablishing access. Our investigation is actively focused on validating that all access paths have been identified and fully closed,” the company said.
Aqua, in its latest update Tuesday, said it is continuing to revoke and rotate credentials across all environments and claimed there is still no indication its commercial products are affected.
Many attackers are currently weaponizing access and likely targeting additional victims, yielding to potential extortion attempts and the compromise of additional software, Carmakal said.
“It’s going to be a different outcome for a lot of different organizations,” he said. “This will be a very concentrated focus of the adversaries and their expansion group of partners that they’re collaborating with right now.”
The post Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack appeared first on CyberScoop.
–
Read More – CyberScoop
