Supply‑Chain Attack Compromises Aqua Security’s Trivy Scanner, Injects Malware into Docker Hub Images
What Happened – The TeamPCP threat group breached Aqua Security’s GitHub organization, inserted credential‑harvesting code into the open‑source Trivy scanner, and pushed malicious Docker image tags 0.69.5 and 0.69.6 to Docker Hub. The attackers also mass‑renamed 44 private repositories, indicating continued, unauthorized access.
Why It Matters for TPRM –
- A widely‑adopted open‑source tool was weaponized, exposing any downstream organization that pulls images or binaries without verification.
- The incident demonstrates how incomplete secret rotation can enable persistent supply‑chain compromise.
- Trust in third‑party security tooling is eroded; vendors must prove immutable artifact delivery.
Who Is Affected – Companies that integrate Trivy into CI/CD pipelines, container registries, or vulnerability‑management programs across all sectors (tech, finance, healthcare, manufacturing, etc.).
Recommended Actions –
- Verify the provenance of all Trivy binaries and Docker images (use SBOMs, signatures, or hash verification).
- Enforce immutable tags or digest‑based pulls in Docker Hub and internal registries.
- Rotate all GitHub tokens and secrets atomically; audit token usage logs.
- Conduct a supply‑chain risk assessment for any third‑party scanning tools.
Technical Notes – The breach leveraged compromised GitHub credentials (non‑atomic secret rotation) to modify Trivy source and publish malicious Docker images. Docker Hub tags are mutable, allowing attackers to overwrite trusted versions. Indicators of compromise include the unexpected tags 0.69.5/0.69.6 and the “tpcp‑docs‑” prefix added to 44 repositories. Source: BleepingComputer
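As an added example (not from the advisory, BleepingComputer, or Aqua Security's own tooling), the following Python check implements the "digest-based pulls" action above and the indicator in the Technical Notes: it parses image references taken from a constructed CI configuration, flags any reference that pins only a mutable tag instead of a digest, and flags the tags the advisory names. The image repository names aquasec/trivy and aquasecurity/trivy are assumptions, and the sample references and the digest are constructed.

```python
# Constructed sample of image references as they might appear in a CI
# pipeline or Dockerfile; not taken from any real environment.
SAMPLE_REFERENCES = [
    "aquasec/trivy:0.69.5",
    "docker.io/aquasec/trivy:0.69.6",
    "aquasec/trivy:latest",
    "ghcr.io/aquasecurity/trivy:0.68.0",
    "aquasec/trivy@sha256:" + "0" * 64,   # placeholder digest, not a real one
    "alpine:3.20",
]

# Tags the advisory identifies as pushed by the attackers.
KNOWN_BAD_TAGS = {"0.69.5", "0.69.6"}
# Assumed repository names for the Trivy image (assumption, not from the advisory).
TRIVY_REPOS = {"aquasec/trivy", "aquasecurity/trivy"}


def parse_reference(ref):
    """Split an image reference into (registry, repo, tag, digest).

    A leading path component is treated as a registry only if it looks like a
    host (contains '.' or ':' or is 'localhost'), mirroring how Docker decides.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    registry = None
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts[0]
        ref = "/".join(parts[1:])
    tag = None
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):          # a ':' after the last '/' separates the tag
        ref, tag = ref[:colon], ref[colon + 1:]
    return registry, ref, tag, digest


def assess(ref):
    """Return findings for one reference; an empty list means it passes."""
    _registry, repo, tag, digest = parse_reference(ref)
    findings = []
    if repo in TRIVY_REPOS and tag in KNOWN_BAD_TAGS:
        findings.append("known-malicious tag from the Trivy compromise")
    if digest is None:
        # A tag alone can be overwritten on the registry; only a digest is immutable.
        findings.append("mutable tag, pin to a digest" if tag else "no tag or digest")
    return findings


def audit(refs):
    """Map each failing reference to its findings; passing references are omitted."""
    return {ref: assess(ref) for ref in refs if assess(ref)}
```

Running `audit(SAMPLE_REFERENCES)` flags five of the six constructed references; only the digest-pinned one passes.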