Microsoft Releases Guidance to Detect and Defend Against Trivy Supply Chain Attack

Microsoft has released new detection and mitigation guidance following a sophisticated supply chain attack targeting Aqua Security’s popular vulnerability scanner, Trivy.

The incident, tracked as CVE-2026-33634, highlights how trusted security tools can be weaponized to compromise downstream environments at scale.

Supply Chain Compromise Details

The attack was attributed to a threat group known as TeamPCP, which exploited weaknesses in Trivy’s CI/CD pipeline.

By leveraging incomplete remediation from a prior issue, the attackers manipulated GitHub repositories associated with Trivy, specifically abusing mutable tags and self-declared commit identities.

In a coordinated effort, the attackers force-pushed malicious commits to 76 out of 77 version tags in the trivy-action repository and all seven tags in the setup-trivy repository.

Because version tags remained unchanged, affected CI/CD pipelines continued to pull compromised code without triggering suspicion.

At the same time, a trojanized Trivy binary was distributed through official GitHub Releases and container registries.

This allowed the malicious code to propagate widely across developer environments and automated workflows.

The injected payload, written in Python, was designed to execute within GitHub Actions runners. It focused heavily on credential harvesting while maintaining operational stealth.

Notably, the malware allowed legitimate Trivy scans to complete successfully, reducing the likelihood of detection.

Key capabilities of the malware include:

• Cloud credential theft targeting AWS metadata services, Google Cloud service accounts, and Azure environment variables
• Kubernetes secret extraction from mounted service account files and cluster configurations
• Discovery of API keys and tokens through recursive searches in configuration files and developer environments
• Infrastructure data collection, including SSH logs, WireGuard VPN configurations, and database connection strings

Collected data was encrypted using AES-256-CBC combined with RSA encryption and exfiltrated to attacker-controlled infrastructure via typosquatted domains.

Security researchers observed that the campaign extended beyond Trivy, with similar techniques impacting other tools and frameworks such as Checkmarx KICS and LiteLLM.

This indicates a broader effort to target developer pipelines and software supply chains.

Microsoft Defender XDR has been updated to detect and respond to this threat across endpoints, identities, and cloud workloads.

Detection capabilities include identifying abnormal secret access patterns, suspicious metadata queries, and malicious DNS activity linked to TeamPCP infrastructure.

Security teams can also use advanced hunting queries within Defender to identify compromised environments, trace lateral movement, and assess potential data exfiltration.

Microsoft and security researchers recommend immediate action to limit exposure:

• Upgrade Trivy components to safe versions: Trivy binary v0.69.2–v0.69.3, trivy-action v0.35.0, and setup-trivy v0.2.6
• Avoid using mutable version tags; instead, pin GitHub Actions to immutable commit SHAs
• Restrict GITHUB_TOKEN permissions following least privilege principles
• Replace static environment secrets with secure secret management solutions
• Continuously monitor attack paths and rotate credentials to reduce lateral movement risks

This incident underscores the growing risk of CI/CD supply chain attacks, where even trusted security tools can become attack vectors.

Organizations are urged to strengthen pipeline security, enforce integrity controls, and adopt proactive detection strategies to defend against similar threats.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Microsoft Releases Guidance to Detect and Defend Against Trivy Supply Chain Attack appeared first on Cyber Security News.