Executive Summary
A sophisticated and highly automated supply chain attack, designated as the Megalodon campaign, has compromised 5,561 public GitHub repositories by injecting malicious CI/CD workflows. The attack, executed within a six-hour window on May 18, 2026, leveraged compromised developer credentials to push 5,718 malicious commits. The injected workflows exfiltrate sensitive secrets and credentials to a remote command-and-control (C2) server. The campaign is attributed to the threat group TeamPCP, which is known for financially and geopolitically motivated cyber operations. This incident underscores the critical vulnerabilities present in modern software supply chains and the urgent need for robust credential hygiene, CI/CD pipeline security, and rapid incident response.
Threat Actor Profile
The Megalodon campaign is attributed to the threat group TeamPCP, a financially and geopolitically motivated actor with a history of targeting developer infrastructure and software supply chains. TeamPCP has been linked to previous high-profile attacks against organizations such as TanStack, Grafana Labs, OpenAI, and Mistral AI. The group is associated with extortion activities on underground forums like BreachForums, and has ties to other threat collectives including LAPSUS$ and VECT. Notably, TeamPCP has demonstrated both financial and destructive motivations, having deployed wiper malware against targets in Iran and Israel. Their operational sophistication is evident in their use of infostealer malware to harvest developer credentials, automated exploitation of CI/CD pipelines, and rapid, worm-like propagation across thousands of repositories.
Technical Analysis of Malware/TTPs
The Megalodon attack chain begins with the compromise of developer accounts, primarily through infostealer malware infections on developer endpoints. Analysis by Hudson Rock revealed that approximately 33% of affected GitHub usernames matched entries in infostealer logs, confirming the initial access vector. Once in possession of valid credentials, the attackers used throwaway GitHub accounts with randomly generated 8-character usernames (such as rkb8el9r, bhlru9nr, and lo6wt4t6) and forged author identities like build-bot, auto-ci, ci-bot, and pipeline-bot to push malicious commits.
The payload consists of GitHub Actions workflows containing base64-encoded bash scripts. Upon execution, these scripts enumerate and exfiltrate a comprehensive set of secrets and credentials, including CI environment variables, AWS, Google Cloud, and Azure credentials, SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, shell history, API keys, database connection strings, JWTs, PEM private keys, and cloud tokens. The scripts also target files such as .env, credentials.json, and service-account.json, and extract OIDC tokens as well as platform-specific tokens: GITHUB_TOKEN and GitLab and Bitbucket tokens.
Two primary workflow variants were observed: the SysDiag variant, which triggers on every push and pull request for mass exploitation, and the Optimize-Build variant, which is more targeted and triggers only on manual execution (workflow_dispatch). The exfiltrated data is sent to a C2 server at 216.126.225[.]129:8443.
The attackers also published malicious npm packages impersonating the Polymarket project, such as polymarket-trading-cli, polymarket-terminal, and polymarket-bot, which included postinstall hooks to further exfiltrate secrets.
Exploitation in the Wild
The Megalodon campaign achieved rapid, worm-like propagation by leveraging compromised tokens to target additional repositories in a cyclical exploitation pattern. Once a repository owner merged a malicious commit, the injected workflow executed in their CI/CD pipeline, exfiltrating secrets and enabling lateral movement to other projects and organizations. The attack affected a broad spectrum of sectors, including open-source software, cloud infrastructure, developer tools, and cryptocurrency projects.
The campaign's global reach was evident, with confirmed destructive activity (wiper malware) against targets in Iran and Israel, indicating both financial and geopolitical motivations. The attackers' use of automated tooling allowed them to compromise thousands of repositories in a matter of hours, demonstrating the scalability and efficiency of modern supply chain attacks.
Victimology and Targeting
The primary victims of the Megalodon campaign were developers and organizations maintaining public GitHub repositories, particularly those with weak credential hygiene or insufficient CI/CD pipeline security. High-profile victims included the Tiledesk project (@tiledesk/tiledesk-server and related repositories), Black-Iron-Project, and WISE-Community. The attack also targeted the broader open-source ecosystem by publishing malicious npm packages under the guise of legitimate projects.
Geographically, the campaign was global in scope, but specific destructive actions were observed against entities in Iran and Israel. The attackers' selection of targets suggests a dual focus on financial gain (via credential theft and extortion) and geopolitical disruption (via wiper malware).
Mitigation and Countermeasures
Immediate mitigation steps include revoking and rotating all CI/CD tokens and secrets, especially those associated with affected repositories. Organizations should audit their GitHub repositories for unauthorized commits, particularly those authored by suspicious accounts or containing new or modified workflow files. It is critical to review and restrict the permissions of Personal Access Tokens (PATs) and deploy keys, enforce multi-factor authentication (MFA) for all developer accounts, and migrate to Trusted Publishing mechanisms where possible to reduce reliance on static tokens.
The npm registry has invalidated all granular access tokens with write access that bypassed 2FA and strongly recommends migration to Trusted Publishing. Security teams should monitor for connections to the C2 server (216.126.225[.]129:8443) and inspect logs for evidence of secrets exfiltration. Implementing supply chain security monitoring, such as automated scanning for malicious workflows and dependency analysis, is essential to detect and prevent similar attacks in the future.
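One way to automate the workflow audit described above, as an added example that is not code from Rescana or from any of the cited reports: a static check over the text of files under .github/workflows that decodes embedded base64 before matching, since the payload is encoded and a plain search for the C2 address would miss it. The function names, the secret-path heuristic and the sample workflow are assumptions constructed for illustration; the C2 address and the forged author names are the ones given in this report.

```python
import base64
import re

# Indicators from this report; the C2 address is re-fanged only for matching.
C2_HOST = "216.126.225[.]129".replace("[.]", ".")
FORGED_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}

B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
DECODE_TO_SHELL = re.compile(r"base64\s+(-d|--decode)\b[^\n]*\|\s*(ba)?sh\b")
# Assumed heuristic: a few of the secret locations the report says are collected.
HARVEST_HINTS = re.compile(r"\.aws/credentials|\.ssh/id_|\.kube/config|VAULT_TOKEN|GITHUB_TOKEN")

def decoded_blobs(text):
    """Yield text recovered from base64 runs embedded in a workflow file."""
    for match in B64_BLOB.finditer(text):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except ValueError:  # not base64, or not text
            continue
        yield decoded

def scan_workflow(text):
    """Return sorted finding labels for the text of one workflow file."""
    findings = set()
    if DECODE_TO_SHELL.search(text):
        findings.add("base64-decoded-to-shell")
    if C2_HOST in text:
        findings.add("c2-address-plain")
    for body in decoded_blobs(text):
        if C2_HOST in body:
            findings.add("c2-address-decoded")
        # Checked only after decoding: legitimate workflows name GITHUB_TOKEN openly.
        if HARVEST_HINTS.search(body):
            findings.add("secret-harvest-in-decoded-payload")
    return sorted(findings)

def forged_author(commit_author):
    """True if a commit author name matches a forged identity from the report."""
    return commit_author.strip().lower() in FORGED_AUTHORS

def sample_workflow():
    """Constructed input: an inert stand-in payload, base64-encoded in a run step."""
    inert = f"#!/bin/bash\n# inert stand-in\n: ~/.aws/credentials $GITHUB_TOKEN {C2_HOST}:8443\n"
    blob = base64.b64encode(inert.encode()).decode()
    return ("name: constructed-sample\non: [push, pull_request]\n"
            "jobs:\n  diag:\n    runs-on: ubuntu-latest\n    steps:\n"
            f"      - run: echo {blob} | base64 -d | bash\n")
```

Static inspection of the file matters most for the Optimize-Build variant: because it triggers only on workflow_dispatch, an injected workflow can sit in a repository without ever producing a run to inspect.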
Organizations are encouraged to consult the CSV dataset published by SafeDep for a comprehensive list of affected repositories and to leverage threat intelligence feeds for up-to-date indicators of compromise.
References
The Hacker News: Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
SafeDep Report: Megalodon GitHub Attack
Hudson Rock Analysis: Megalodon Supply Chain Attack
Socket Security Advisory: npm Token Burn
StepSecurity: Megalodon Mass GitHub Actions Secret Exfiltration
Reddit: r/pwnhub Megalodon Attack Discussion
LinkedIn: The Cyber Security Hub Post
HackRead: 5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack
MITRE ATT&CK Framework: https://attack.mitre.org/
About Rescana
Rescana is a leader in Third-Party Risk Management (TPRM), providing organizations with a comprehensive platform to continuously monitor, assess, and mitigate risks across their digital supply chain. Our advanced analytics and automation empower security teams to identify vulnerabilities, enforce best practices, and respond rapidly to emerging threats. For further information or to discuss how Rescana can help secure your organization’s supply chain, we are happy to answer questions at ops@rescana.com.


