Supply Chain Attack Hits 'CodeStream' CI/CD Tool; Malicious Version Steals Dev Secrets

CodeStream CI/CD Utility Compromised in Supply Chain Attack, Developer Secrets Stolen

CRITICAL
July 1, 2026
5m read
Supply Chain AttackSecurity OperationsThreat Intelligence

Impact Scope

People Affected

Over 50,000 downloads

Industries Affected

Technology

Related Entities

Organizations

GitHub Security Lab

Products & Tech

CodeStreamAWS GitHub Artifactory

Full Report

Executive Summary

The open-source CI/CD utility CodeStream has been compromised in a significant software supply chain attack. On June 29, 2026, an unauthorized actor published a malicious version, 3.4.1, to the official package registry. This version contained code designed to steal sensitive environment variables, API keys, and other credentials from the systems it was running on. The malicious package was available for 36 hours and was downloaded an estimated 50,000 times before being removed. The developers have released a patched version, 3.4.2, and are advising all users to upgrade immediately and begin rotating all potentially exposed secrets.


Threat Overview

This incident is a classic software supply chain attack, where attackers compromise the build or distribution process of a trusted piece of software to push malicious code to downstream users. The attack on CodeStream is particularly dangerous because CI/CD systems are central to modern software development and are often configured with highly privileged access to other systems.

  • Attack Vector: The threat actor gained access to the project's package registry credentials, allowing them to publish new versions of the software.
  • Malicious Payload: The code injected into version 3.4.1 was specifically designed to be an info-stealer. It scans the environment variables of the machine it runs on, searching for patterns that match common credential formats for services like AWS, GitHub, and Artifactory.
  • Exfiltration: The stolen credentials were exfiltrated using a DNS-over-HTTPS (DoH) tunnel. This is a stealthy technique that can blend in with legitimate DNS traffic, making it harder to detect on a network level.

Technical Analysis

The attack's sophistication lies in its targeting of the CI/CD pipeline. By compromising CodeStream, the attackers could potentially gain access to the 'crown jewels' of any organization using it: source code, private keys, and cloud infrastructure credentials. The choice to use DoH for exfiltration shows a level of technical competence aimed at evading network-based security controls.

Analysis by GitHub Security Lab confirmed the malicious behavior. The injected code would activate upon the execution of the CI/CD utility, perform its scan, and then send the collected data to an attacker-controlled server before continuing with its normal operations, making the malicious activity less obvious.

MITRE ATT&CK TTPs

Impact Assessment

The potential impact for the 50,000+ downloads is severe. Any organization that downloaded and ran version 3.4.1 must assume that all secrets present in their CI/CD environment have been compromised. This includes:

  • Cloud provider API keys (e.g., AWS, GCP, Azure).
  • Source code repository tokens (e.g., GitHub, GitLab).
  • Package registry credentials (e.g., Artifactory, npm, Docker Hub).
  • Database passwords and other application secrets.

With these secrets, attackers could steal source code, deploy malicious code into production, run up huge cloud bills (e.g., for crypto mining), or pivot deeper into the victim's network.

IOCs — Directly from Articles

No specific Indicators of Compromise (e.g., file hashes, C2 domains) were mentioned in the source articles.

Detection & Response

  • Detection:
    • Version Check: The first step is to identify any system that has or had CodeStream version 3.4.1 installed. This can be done via software inventory tools or by checking package manager logs.
    • Network Logs: Hunt for anomalous DNS traffic, particularly a high volume of DNS queries or DoH traffic to unknown domains from build servers or developer workstations. D3FEND's Network Traffic Analysis can help here.
    • Cloud Logs: Review cloud audit logs (e.g., AWS CloudTrail) for any suspicious activity performed using CI/CD service account credentials, such as the creation of new users or access keys.
  • Response:
    • Upgrade Immediately: All users must upgrade to version 3.4.2 or later.
    • Rotate ALL Secrets: This is the most critical response step. Assume all credentials in the CI/CD environment are compromised. This includes API keys, tokens, passwords, and SSH keys. This must be done comprehensively.
    • Audit for Compromise: Review logs for any signs of malicious activity dating back to the time the compromised version was installed.

Mitigation

  • Dependency Pinning and Verification: Pin software dependencies to specific, known-good versions. Use checksums or signatures to verify the integrity of downloaded packages before they are used. This would have prevented the malicious version from being automatically pulled.
  • Least-Privilege for CI/CD: Grant CI/CD systems only the minimum permissions they need to do their job. Use short-lived credentials where possible (e.g., via OIDC with cloud providers) instead of storing long-lived static secrets in the environment.
  • Secret Management: Store secrets in a dedicated vault (e.g., HashiCorp Vault, AWS Secrets Manager) rather than in environment variables, which are easily scraped.
  • Egress Filtering: Implement strict network egress filtering on build servers to control where they can send traffic. By default, deny all outbound traffic and only allow connections to known, required services. This would have blocked the DoH exfiltration.

Timeline of Events

1
June 29, 2026
Malicious version 3.4.1 of CodeStream is published to the official package registry.
2
July 1, 2026
This article was published

MITRE ATT&CK Mitigations

Immediately updating to the clean version (3.4.2) removes the malicious code from the environment.

Rotating all compromised credentials is a critical remediation step to revoke the attacker's access.

Implementing strict egress filtering on build servers to block unexpected outbound connections like DoH can prevent data exfiltration.

While not a direct mitigation for this attack, using dependency scanning tools to verify the integrity (via checksums) of software packages can prevent the use of tampered components.

D3FEND Defensive Countermeasures

The most urgent action is to identify all instances of CodeStream v3.4.1 and immediately upgrade to the patched version, 3.4.2. Following the upgrade, a comprehensive credential rotation process must be initiated. Assume every secret, token, and key accessible by the CI/CD environment is compromised. This includes cloud provider keys, database passwords, and source control tokens. This is a painstaking but non-negotiable step to evict the attacker and remediate the breach. Use infrastructure-as-code to automate the rotation where possible.

Implement strict egress filtering rules for all build agents and CI/CD infrastructure. By default, all outbound traffic should be denied. Create explicit allow-lists for only the necessary destinations, such as your package registry, source control provider, and cloud provider APIs. The CodeStream attack used DNS-over-HTTPS for exfiltration, which could be blocked by disallowing outbound connections on port 443 to any destination not on the allow-list. This turns the network into a 'walled garden', preventing data exfiltration even if a component is compromised.

To prevent future supply chain attacks of this nature, implement a system of dependency verification. Pin dependencies to specific versions and verify their cryptographic hashes (e.g., SHA-256 checksums) against a known-good source during the build process. If a downloaded package's hash does not match the expected hash, the build should fail. This practice, often managed through lock files (e.g., package-lock.json, poetry.lock), would have prevented the malicious CodeStream v3.4.1 from being used, as its hash would not have matched the legitimate v3.4.0.

Timeline of Events

1
June 29, 2026

Malicious version 3.4.1 of CodeStream is published to the official package registry.

Sources & References

Article Author

Jason Gomes

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & AnalysisSecurity Orchestration (SOAR/XSOAR)Incident Response & Digital ForensicsSecurity Operations Center (SOC)SIEM & Security AnalyticsCyber Fusion & Threat SharingSecurity Automation & IntegrationManaged Detection & Response (MDR)

Tags

supply chain attackci/cddevsecopsopen sourcecredential theftgithub

📢 Share This Article

Help others stay informed about cybersecurity threats

🎯 MITRE ATT&CK Mapped

Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.

🧠 Enriched & Analyzed

Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.

🛡️ Actionable Guidance

Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.

🔗 STIX Visualizer

Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.

Sigma Generator

Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.