TZUTC: -0500   
   MSGID: 645.consprcy@1:2320/105 2c47ea92   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Coinbase targeted after recent Github attacks   
      
   Date:   
   Mon, 24 Mar 2025 14:04:00 +0000   
      
   Description:   
   Hundreds of projects suffered as hackers attacked Coinbase.   
      
   FULL STORY   
      
   The endgame of the recent cascading supply chain attack on GitHub was to   
   breach Coinbase, one of the worlds most popular centralized cryptocurrency   
   exchanges, experts have claimed.    
      
   Cybersecurity researchers Unit 42 (Palo Alto), and Wiz, revealed the attack,   
   noting although Coinbase successfully defended itself, it is difficult to    
   deem the attack a failure, since hundreds of other projects suffered as   
   collateral damage.    
      
   Coinbase claims no damage was done - however, 218 other repositories are   
   thought to have been impacted as a result of this attack.   
      
   No damage to Coinbase   
      
   A cascading supply chain attack is a cyberattack where compromising one   
   component, such as a software dependency or tool, triggers a chain reaction   
   that spreads the breach to multiple connected systems or projects.    
      
   In this case, cybercriminals tampered with a small tool, a GitHub Action   
   called reviewdog/action-setup@v1. It is a popular tool that helps automate   
   tasks in software projects. How they breached this Action wasnt revealed, but   
   the attackers managed to get the tool to leak certain access codes into   
   publicly visible logs.    
      
   They then used these codes to inject more malicious code into another widely   
   used tool, called tj-actions/changed-files. This tool is part of Coinbase's   
   development process, and by doing so, they tried to move into the exchanges   
   code repository, gain deeper access, and wreak more havoc.    
      
   "The attacker obtained a GitHub token with write permissions to the   
   coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two    
   hours before the larger attack was initiated against   
   tj-actions/changed-files," Palo Alto Unit 42 said.    
      
   "We followed up by sharing more details of our findings with Coinbase, which   
   stated that the attack was unsuccessful at causing any damage to the agentkit   
   project, or any other Coinbase asset," the researchers added.    
      
   Once the threat actors realized their attack against Coinbase was   
   unsuccessful, they pivoted to other projects, the researchers said. We dont   
   know if any other attacks were more fruitful for the criminals.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/coinbase-targeted-after-recent-github-a   
   ttacks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426