Supply Chain Attack Defaces 44 Aqua Security Repositories via Stolen Trivy Service Token
What Happened — Malicious Trivy container images on Docker Hub (versions 0.69.4‑0.69.6) were used to steal CI credentials. The stolen service‑account token was then leveraged to rename and deface 44 repositories in Aqua Security’s internal GitHub organization within minutes.
Why It Matters for TPRM —
- A supply‑chain compromise of a widely‑used scanning tool can cascade to downstream vendors.
- Stolen long‑lived tokens give attackers write access to private code bases that persists until the token is revoked and is bounded only by the token's scope, not by the attacker's intentions.
- Rapid, automated repo defacement is a low‑visibility, high‑impact attack pattern: a scripted run completes within minutes, before periodic log review or slow alerting has a chance to catch it.
Who Is Affected — Cloud‑native security vendors, SaaS providers that embed Trivy in CI pipelines, and any downstream customers relying on Aqua Security’s proprietary tooling.
Recommended Actions — Review all third‑party CI/CD components for token hygiene (which secrets each job can read, and whether container images are pinned by digest rather than a mutable tag), replace long‑lived service tokens with short‑lived credentials where possible and rotate the rest, enforce least‑privilege scopes, and monitor GitHub audit logs for bursts of repository rename, transfer, or delete events by a single actor.
Technical Notes — Attack vector: stolen service‑account token (STOLEN_CREDENTIALS). The malicious Trivy images contained the TeamPCP infostealer, which harvested credentials from the CI environments that pulled them. Defacement was performed via scripted GitHub API calls; the run finished quickly and left little behind beyond the renamed repositories and the corresponding organization audit‑log entries. No data exfiltration has been publicly reported, but repository integrity was compromised. Source: Security Affairs
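The audit‑log monitoring recommended above, as an added example that is not from the Security Affairs report or from Aqua Security. It assumes the organization audit log is exported as JSON Lines using the field names GitHub documents for audit‑log entries (`@timestamp` in epoch milliseconds, `action`, `actor`, `repo`); the log entries in the block are constructed for illustration, not taken from the incident. The detection is a per‑actor sliding window: any single identity that renames, transfers, archives or deletes more than a handful of repositories within a few minutes is exactly the signal a scripted defacement with a stolen write token produces.

```python
"""Burst detection for destructive repository actions in a GitHub org audit log.

Added example (not the advisory's or Aqua Security's code). Assumes a JSON Lines
export with GitHub's documented field names: `@timestamp` (epoch ms), `action`,
`actor`, `repo`. The sample entries below are constructed.
"""
import json
from collections import defaultdict, deque

# Actions a compromised write-scoped token would use to deface or wipe repos.
DESTRUCTIVE_ACTIONS = {"repo.rename", "repo.destroy", "repo.archived", "repo.transfer"}

_T0 = 1_710_000_000_000  # constructed base timestamp (epoch ms)

# Constructed sample: "ci-service" renames six repos in ten seconds (attack),
# surrounded by benign activity and one isolated rename an hour later.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"@timestamp": _T0 + 0,         "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-1"},
    {"@timestamp": _T0 + 2_000,     "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-2"},
    {"@timestamp": _T0 + 4_000,     "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-3"},
    {"@timestamp": _T0 + 6_000,     "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-4"},
    {"@timestamp": _T0 + 8_000,     "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-5"},
    {"@timestamp": _T0 + 10_000,    "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-6"},
    {"@timestamp": _T0 + 50_000,    "action": "repo.create", "actor": "bob",        "repo": "acme/new-tool"},
    {"@timestamp": _T0 + 100_000,   "action": "repo.rename", "actor": "alice",      "repo": "acme/old-name"},
    {"@timestamp": _T0 + 3_610_000, "action": "repo.rename", "actor": "ci-service", "repo": "acme/repo-7"},
])


def parse_audit_log(text):
    """Parse JSON Lines audit-log text; returns entries sorted by timestamp."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            entries.append(json.loads(line))
    return sorted(entries, key=lambda e: e["@timestamp"])


def find_bursts(entries, window_seconds=300, threshold=5):
    """Flag actors performing >= threshold destructive actions within any
    window_seconds-long window. Returns one alert dict per flagged actor with
    the peak count, the affected repos and the time span of the burst."""
    windows = defaultdict(deque)  # actor -> deque of (ts, repo) within window
    alerts = {}                   # actor -> alert dict
    for e in entries:
        if e.get("action") not in DESTRUCTIVE_ACTIONS:
            continue
        actor = e.get("actor", "<unknown>")
        ts = e["@timestamp"] / 1000.0
        q = windows[actor]
        q.append((ts, e.get("repo")))
        # Drop events that fell out of the sliding window.
        while ts - q[0][0] > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(actor, {
                "actor": actor, "count": 0, "repos": set(),
                "start": q[0][0], "end": ts,
            })
            a["count"] = max(a["count"], len(q))
            a["repos"].update(repo for _, repo in q)
            a["end"] = ts
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_bursts(parse_audit_log(SAMPLE_LOG)):
        span = alert["end"] - alert["start"]
        print(f"ALERT {alert['actor']}: {alert['count']} destructive repo actions "
              f"in {span:.0f}s across {sorted(alert['repos'])}")
```

Tune `window_seconds` and `threshold` to the organization's normal rename/archive rate; the isolated rename by `alice` and the later single rename by `ci-service` fall below the threshold and are not flagged, while the six‑repo burst is. Feeding the same function the GitHub audit‑log streaming export in near real time is what turns this from a forensic check into an alert that fires while the token is still live and can be revoked.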