<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Clara Decotignie, Auteur</title>
	<atom:link href="https://www.riskinsight-wavestone.com/en/author/clara-decotignie/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.riskinsight-wavestone.com/en/author/clara-decotignie/</link>
	<description>The cybersecurity &#38; digital trust blog by Wavestone&#039;s consultants</description>
	<lastBuildDate>Wed, 08 Jul 2026 07:55:14 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://www.riskinsight-wavestone.com/wp-content/uploads/2024/02/Blogs-2024_RI-39x39.png</url>
	<title>Clara Decotignie, Auteur</title>
	<link>https://www.riskinsight-wavestone.com/en/author/clara-decotignie/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CI/CD Security: Supply chain attack from a compromised developer</title>
		<link>https://www.riskinsight-wavestone.com/en/2026/07/ci-cd-security-supply-chain-attack-from-a-compromised-developer/</link>
					<comments>https://www.riskinsight-wavestone.com/en/2026/07/ci-cd-security-supply-chain-attack-from-a-compromised-developer/#respond</comments>
		
		<dc:creator><![CDATA[Clara Decotignie]]></dc:creator>
		<pubDate>Wed, 08 Jul 2026 07:55:12 +0000</pubDate>
				<category><![CDATA[Cybersecurity & Digital Trust]]></category>
		<category><![CDATA[Ethical Hacking & Incident Response]]></category>
		<category><![CDATA[Focus]]></category>
		<category><![CDATA[artefacts]]></category>
		<category><![CDATA[artifactory]]></category>
		<category><![CDATA[CI/CD]]></category>
		<category><![CDATA[CI/CD attacks]]></category>
		<category><![CDATA[CI/CD security]]></category>
		<category><![CDATA[cloud]]></category>
		<category><![CDATA[cloud security]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[DevSecOps]]></category>
		<category><![CDATA[pipeline]]></category>
		<category><![CDATA[runners]]></category>
		<guid isPermaLink="false">https://www.riskinsight-wavestone.com/?p=30390</guid>

					<description><![CDATA[<p>In modern DevOps environments, CI/CD pipelines automate code development, testing, and deployment, enabling rapid delivery and scalability while significantly expanding the attack surface. CI/CD audits conducted in 2025 and 2026 revealed that credentials leaked in repositories, misconfigured runners, insecure artifact...</p>
<p>Cet article <a href="https://www.riskinsight-wavestone.com/en/2026/07/ci-cd-security-supply-chain-attack-from-a-compromised-developer/">CI/CD Security: Supply chain attack from a compromised developer</a> est apparu en premier sur <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p style="text-align: justify;">In modern <strong>DevOps environments</strong>, <strong>CI/CD pipelines</strong> automate code development, testing, and deployment, enabling rapid delivery and scalability while significantly expanding the attack surface.</p>
<p style="text-align: justify;">CI/CD audits conducted in 2025 and 2026 revealed that<strong> credentials leaked</strong> in repositories, <strong>misconfigured runners</strong>, <strong>insecure artifact stores</strong>, and <strong>overly permissive cloud roles</strong> are all vectors attackers can chain to gain persistent, high-privilege access across the entire infrastructure.</p>
<p style="text-align: justify;">A high-level overview of DevOps tooling is illustrated below:</p>
<figure id="attachment_30393" aria-describedby="caption-attachment-30393" style="width: 911px" class="wp-caption aligncenter"><img fetchpriority="high" decoding="async" class="size-full wp-image-30393" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/1-Tools-with-multiple-uses-and-functions-for-DevOps.png" alt="Tools with multiple uses and functions for DevOps" width="911" height="422" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/1-Tools-with-multiple-uses-and-functions-for-DevOps.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/1-Tools-with-multiple-uses-and-functions-for-DevOps-412x191.png 412w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/1-Tools-with-multiple-uses-and-functions-for-DevOps-71x33.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/1-Tools-with-multiple-uses-and-functions-for-DevOps-768x356.png 768w" sizes="(max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30393" class="wp-caption-text">Tools with multiple uses and functions for DevOps</figcaption></figure>
<p style="text-align: justify;">A compromise at any stage of the pipeline can provide a path toward more sensitive systems.</p>
<figure id="attachment_30395" aria-describedby="caption-attachment-30395" style="width: 911px" class="wp-caption aligncenter"><img decoding="async" class="size-full wp-image-30395" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/2-DevOps-tools-that-can-become-a-faster-way-for-attackers-to-obtain-a-high-privilege-access-on-the-IS.png" alt="DevOps tools that can become a faster way for attackers to obtain a high privilege access on the IS" width="911" height="380" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/2-DevOps-tools-that-can-become-a-faster-way-for-attackers-to-obtain-a-high-privilege-access-on-the-IS.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/2-DevOps-tools-that-can-become-a-faster-way-for-attackers-to-obtain-a-high-privilege-access-on-the-IS-437x182.png 437w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/2-DevOps-tools-that-can-become-a-faster-way-for-attackers-to-obtain-a-high-privilege-access-on-the-IS-71x30.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/2-DevOps-tools-that-can-become-a-faster-way-for-attackers-to-obtain-a-high-privilege-access-on-the-IS-768x320.png 768w" sizes="(max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30395" class="wp-caption-text">DevOps tools that can become a faster way for attackers to obtain a high privilege access on the IS</figcaption></figure>
<p style="text-align: justify;">This article walks through a representative <strong>CI/CD attack kill chain based on observed real-world patterns</strong>, highlighting the most commonly exploited vectors and the key hardening measures to reduce the attack surface at every stage of the pipeline, from source code to production deployment.</p>
<p> </p>
<h2>The Kill Chain: from reconnaissance to persistence</h2>
<h3>Reconnaissance and Initial Access</h3>
<p style="text-align: justify;">The kill chain typically begins with <strong>a phishing targeting developers</strong> to <strong>harvest credentials and MFA codes</strong>, though MFA itself can be bypassed through token hijacking or session theft.</p>
<figure id="attachment_30397" aria-describedby="caption-attachment-30397" style="width: 911px" class="wp-caption aligncenter"><img decoding="async" class="size-full wp-image-30397" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/3-Successful-phishing-attack.png" alt="Successful phishing attack" width="911" height="479" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/3-Successful-phishing-attack.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/3-Successful-phishing-attack-363x191.png 363w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/3-Successful-phishing-attack-71x37.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/3-Successful-phishing-attack-768x404.png 768w" sizes="(max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30397" class="wp-caption-text">Successful phishing attack</figcaption></figure>
<p style="text-align: justify;">It should be noted that <strong>credential compromise alone is not always sufficient</strong> to directly access sensitive administrative portals. <strong>Security controls protecting Microsoft 365</strong> administrative interfaces have been strengthened through the implementation of MFA and, where applicable, Conditional Access policies, limiting the impact of phishing on highly privileged access.</p>
<p style="text-align: justify;">However, in <strong>modern enterprise environments</strong> where <strong>most business applications</strong> <strong>rely on Single Sign-On (SSO),</strong> the compromise of a Microsoft session (e.g., through session cookie theft) can provide attackers with access to a wide range of interconnected services, including code repositories and CI/CD platforms. Attackers typically use this initial foothold to identify development environments and <strong>establish persistence</strong> through mechanisms such as <strong>Personal Access Tokens (PATs).</strong></p>
<p style="text-align: justify;">A common but often overlooked risk arises when <strong>user accounts are disabled</strong> at the identity provider level (e.g., <strong>Entra ID</strong>) but <strong>not fully deprovisioned</strong> within repository platforms. In such cases, <strong>previously issued PATs</strong> may remain valid, allowing attackers to retain repository access despite account revocation.</p>
<p style="text-align: justify;">Additional entry points include the <strong>exploitation of known CVEs</strong> and poor credential hygiene. Many major vulnerabilities in DevOps tools are regularly discovered, highlighting the need for continuous vulnerability management. Exploiting a <strong>critical</strong> <strong>vulnerability</strong> can <strong>directly</strong> provide <strong>privileged</strong> <strong>access</strong> to a <strong>tool in the chain.</strong></p>
<p style="text-align: justify;">Examples include:</p>
<ul>
<li style="text-align: justify;"><span style="color: #808080;"><a style="color: #808080;" href="https://nvd.nist.gov/vuln/detail/cve-2024-23897"><strong>CVE-2024-23897</strong></a></span><strong> (Jenkins)</strong>, which allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system, leading to exposure of sensitive secrets,</li>
<li style="text-align: justify;"><span style="color: #808080;"><a style="color: #808080;" href="https://nvd.nist.gov/vuln/detail/cve-2023-7028"><strong>CVE-2023-7028</strong></a></span><strong> (GitLab)</strong>, in which user account password reset emails could be delivered to an unverified email address,</li>
<li style="text-align: justify;"><span style="color: #808080;"><a style="color: #808080;" href="https://nvd.nist.gov/vuln/detail/cve-2023-36561"><strong>CVE-2023-36561</strong></a></span><strong> (Azure DevOps Server)</strong>, an elevation of privilege vulnerability allowing attackers to gain unauthorized access to functionalities within Azure DevOps Server, with potential impact on pipelines, secrets, and project-level resources.</li>
</ul>
<p> </p>
<p style="text-align: justify;"><strong><u>REMEDIATION – Strengthen Access Controls for Source Code Repository</u></strong></p>
<p style="text-align: justify;">To mitigate initial access risks, organizations should implement controls to prevent unauthorized access, detect persistence, and enforce strong identity governance.</p>
<p style="text-align: justify;"><em><u>Enforce confidential access policies and network exposure</u></em></p>
<ul style="text-align: justify;">
<li>Avoid the use of <strong>generic or shared accounts</strong>,</li>
<li>Use <strong>dedicated developer identities</strong> separated from standard productivity (email and office) accounts to reduce exposure to phishing attacks and limit the impact of credential compromise in CI/CD environments.</li>
<li><strong>Enforce phishing-resistant MFA mechanisms</strong> (FIDO2 keys, certificate, etc.),</li>
<li><strong>Implement Conditional Access policies</strong> to restrict access based on contextual factors such as network location and device compliance.</li>
</ul>
<p style="text-align: justify;"><em><u>Implement mechanisms to detect persistence attempts</u></em></p>
<ul style="text-align: justify;">
<li>Implement <strong>monitoring mechanisms</strong> to detect suspicious creation or usage of <strong>PATs </strong>in GitLab, anomalous activities such as <strong>deployments occurring at unusual times</strong>, etc.</li>
<li>Monitor the addition of <strong>new authentication methods in Entra ID, </strong>as a potential sign of compromise, particularly <strong>passwordless</strong> ones, after a phishing event.</li>
</ul>
<p style="text-align: justify;"><em><u>Recertify all accesses periodically and remediate unused accounts</u></em></p>
<ul style="text-align: justify;">
<li>Disable or remove<strong> unused or inactive accounts</strong>,</li>
<li>Revoke access for <strong>offboarded employees</strong> across all systems,</li>
<li>Conduct periodic access reviews, at least <strong>every six months</strong> for <strong>high-risk users</strong>.</li>
</ul>
<p> </p>
<h3 style="text-align: justify;">Code Repository and Pipeline Compromise</h3>
<p style="text-align: justify;"><strong>Source code repositories</strong> are often <strong>directly integrated with CI/CD pipelines</strong>, meaning that changes to the codebase can automatically trigger build and deployment processes. As a result, compromising a developer account can influence how applications are built and deployed.</p>
<p style="text-align: justify;">To <strong>reduce the risk of unauthorized changes</strong> <strong>reaching</strong> <strong>production</strong>, organizations typically <strong>protect production branches</strong> (e.g., main or master) through pull requests, approvals, and automated validation checks. In contrast, <strong>development branches </strong>are generally <strong>less strictly controlled</strong> to support faster development and testing.</p>
<p style="text-align: justify;">In the observed scenario, the attacker <strong>targets the development branch </strong>and modifies the pipeline configuration file (gitlab-ci.yml), injecting a <strong>malicious command</strong> (aimed at establishing remote access) into an <strong>existing job</strong>. When the pipeline is executed, this command runs on the CI/CD runner, allowing the attacker to gain remote access to it.</p>
<figure id="attachment_30403" aria-describedby="caption-attachment-30403" style="width: 911px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30403" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/6-Code-repository-manipulation.png" alt="Code repository manipulation" width="911" height="396" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/6-Code-repository-manipulation.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/6-Code-repository-manipulation-437x191.png 437w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/6-Code-repository-manipulation-71x31.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/6-Code-repository-manipulation-768x334.png 768w" sizes="auto, (max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30403" class="wp-caption-text">Code repository manipulation</figcaption></figure>
<p style="text-align: justify;">As part of the compromised CI/CD environment credentials, the <strong>attacker gains access</strong> to a <strong>Nexus token,</strong> which is an <strong>artifact management system, </strong>used to store and distribute trusted build artifacts consumed by downstream pipelines.</p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><strong><u>REMEDIATION – Harden Code Repository Security Controls</u></strong></p>
<p style="text-align: justify;">Securing the code repository is essential to prevent attackers from abusing CI/CD pipelines after initial access, as repositories directly control how code is built and deployed.</p>
<p style="text-align: justify;"><em><u>Harden code repository to limit pipeline triggers</u></em></p>
<ul style="text-align: justify;">
<li>Configure <strong>protected branches</strong> on the branches used for deployment,</li>
<li><strong>Set up multi-level approval workflows</strong> on merge requests that trigger pipelines and <strong>disable self-approval, </strong></li>
<li>Use <strong>code ownership </strong>to <strong>assign </strong>and <strong>require approval </strong>from <strong>designated owners </strong>on <strong>sensitive files </strong>(e.g. CI/CD job configuration).</li>
</ul>
<p style="text-align: justify;"><em><u>Limit project visibility and permissions</u></em></p>
<ul style="text-align: justify;">
<li><strong>Limit writing permissions</strong> to only those who require them for their role,</li>
<li><strong>Restrict project visibility</strong> based on the <strong>need-to-know principle</strong>, using internal or private (preferred) visibility.</li>
</ul>
<p style="text-align: justify;"><em><u>Establish proper secret management hygiene</u></em></p>
<ul>
<li style="text-align: justify;"><strong>Configure scoped CI/CD secrets the project</strong> level and prefer ephemeral credentials whenever possible,</li>
<li style="text-align: justify;"><strong>Detect secrets in clear text as early as possible </strong>(at commit time or before code is pushed) and revoke immediately if exposed,</li>
<li style="text-align: justify;">Conduct <strong>periodic reviews</strong> (e.g., internal audits or red team exercises) across platforms such as Git repositories, Jira, or Confluence to help identify previously undetected leaks.</li>
</ul>
<p> </p>
<p><strong><u>REMEDIATION – Strengthen Self-Hosted Runner Security Controls</u></strong></p>
<p style="text-align: justify;">Runners are critical components of CI/CD pipelines, as they execute code and handle sensitive data. If compromised, they can be used to move laterally, access secrets, or take control of the environment.</p>
<p style="text-align: justify;"><em><u>Restrict network exposure and execution scope</u></em></p>
<ul style="text-align: justify;">
<li><strong>Restrict runner network traffic </strong>to only what is required for pipeline execution, and enforce <strong>network controls</strong> such as <strong>proxies</strong> and <strong>segmentation</strong> to prevent unrestricted internet access and limit lateral movement within internal networks.</li>
<li><strong>Restrict pipeline triggers</strong> from untrusted or personal repositories.</li>
</ul>
<p style="text-align: justify;"><em><u>Treat runners as sensitive systems</u></em></p>
<ul style="text-align: justify;">
<li>Treat runners as critical servers (<strong>regular OS patching</strong> and <strong>hardening</strong>),</li>
<li>Deploy <strong>Endpoint Detection and Response (EDR)</strong> solutions for process monitoring, including within containerized environments.</li>
</ul>
<p style="text-align: justify;"><em><u>Use dedicated and ephemeral runners</u></em></p>
<ul style="text-align: justify;">
<li>Prefer <strong>dedicated runners per project or environment. </strong>Sharing runners across multiple contexts increases the risk of cross-project contamination and privilege escalation,</li>
<li>Use <strong>ephemeral / autoscaling</strong> runners that are destroyed after each job,</li>
<li>Ensure <strong>VM-based runners</strong> are also <strong>ephemeral</strong> and <strong>isolated </strong>to ensure no residual data or access persists between executions. In addition, rely <strong>only on hardened and trusted base images </strong>(e.g. <strong>golden images</strong> for VM-based runners and approved container images), to prevent execution in compromised or unverified environments.</li>
</ul>
<p style="text-align: justify;"><em><u>Secure container-based runners</u></em></p>
<ul style="text-align: justify;">
<li><strong>Allow only approved and trusted images in pipeline</strong> <strong>executions</strong> to prevent the introduction of malicious code through compromised or unverified images,</li>
<li>Apply <strong>least privilege</strong> in container runtime environments,</li>
<li><strong>Avoid</strong> <strong>privileged mode</strong> and drop unnecessary Linux capabilities,</li>
<li>Use secure build engines <strong>(BuildKit / Buildah) </strong>when <strong>Docker-in-Docker</strong> is required</li>
</ul>
<p style="text-align: justify;"><em><u>Harden Cloud-based runners</u></em></p>
<ul>
<li style="text-align: justify;">When using <strong>cloud-managed runners</strong>, enforce <strong>isolation and identity scoping</strong>, <strong>restrict</strong> <strong>metadata</strong> access to prevent credential exposure from underlying infrastructure, and ensure CI/CD roles are governed by <strong>strict least-privilege IAM policies</strong> to avoid excessive permissions.</li>
</ul>
<p> </p>
<h3>Artifact Poisoning and Dependency Attacks</h3>
<p style="text-align: justify;">In software delivery environments, <strong>artifact management systems </strong>store and distribute <strong>outputs generated by CI/CD pipelines</strong>. These outputs, known as <strong>artifacts</strong>, represent the <strong>packaged results of the build process</strong>, such as compiled binaries, application packages, or deployment images.</p>
<p style="text-align: justify;"><strong>Artifacts</strong> are <strong>stored centrally</strong> to ensure versioning, traceability, and reuse across multiple pipelines. In addition to <strong>application-specific outputs</strong>, these repositories often <strong>also host shared</strong> <strong>components</strong> such as <strong>golden images</strong>, <strong>reusable libraries</strong>, or <strong>common runtime dependencies</strong>. Because they <strong>originate from trusted build processes</strong>, <strong>artifacts</strong> are typically assumed to be safe and are widely <strong>consumed by downstream pipelines</strong> without additional validation.</p>
<p style="text-align: justify;">In the observed scenario, the <strong>attacker uses </strong>previously obtained <strong>credentials</strong> to <strong>authenticate </strong>to the <strong>artifact repository</strong> (<strong>Nexus </strong>in this example) with <strong>excessive</strong> <strong>permissions</strong> (read/write across multiple categories, rather than being limited to a single application scope), and gains access to both production-grade and shared artifacts.</p>
<p style="text-align: justify;">Among these, the attacker identifies a legitimate <strong>Terraform binary</strong> used within the infrastructure deployment process (referred to as the <strong>tofu binary</strong>), which is commonly trusted and consumed by downstream CI/CD pipelines to provision and manage cloud resources.</p>
<figure id="attachment_30405" aria-describedby="caption-attachment-30405" style="width: 1394px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30405" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/7-Legitimate-binary-used-for-infrastructure-deployment.png" alt="Legitimate binary used for infrastructure deployment" width="1394" height="949" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/7-Legitimate-binary-used-for-infrastructure-deployment.png 1394w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/7-Legitimate-binary-used-for-infrastructure-deployment-281x191.png 281w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/7-Legitimate-binary-used-for-infrastructure-deployment-57x39.png 57w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/7-Legitimate-binary-used-for-infrastructure-deployment-768x523.png 768w" sizes="auto, (max-width: 1394px) 100vw, 1394px" /><figcaption id="caption-attachment-30405" class="wp-caption-text">Legitimate binary used for infrastructure deployment</figcaption></figure>
<p style="text-align: justify;">The attacker <strong>downloads this artifact locally</strong> and <strong>modifies its contents</strong> by injecting <strong>malicious logic </strong>while preserving its original functionality, and <strong>embeds hidden behavior</strong> designed to <strong>interact</strong> with <strong>AWS Identity and Access Management (IAM) and AWS Security Token Service (STS) services</strong> to retrieve credentials.</p>
<figure id="attachment_30407" aria-describedby="caption-attachment-30407" style="width: 827px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30407" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/8-AWS-IAM-and-STS-credential-handling-logic-within-the-Terraform-malicious-binary.png" alt="AWS IAM and STS credential handling logic within the Terraform malicious binary" width="827" height="716" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/8-AWS-IAM-and-STS-credential-handling-logic-within-the-Terraform-malicious-binary.png 827w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/8-AWS-IAM-and-STS-credential-handling-logic-within-the-Terraform-malicious-binary-221x191.png 221w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/8-AWS-IAM-and-STS-credential-handling-logic-within-the-Terraform-malicious-binary-45x39.png 45w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/8-AWS-IAM-and-STS-credential-handling-logic-within-the-Terraform-malicious-binary-768x665.png 768w" sizes="auto, (max-width: 827px) 100vw, 827px" /><figcaption id="caption-attachment-30407" class="wp-caption-text">AWS IAM and STS credential handling logic within the Terraform malicious binary</figcaption></figure>
<p style="text-align: justify;">The modified binary is then <strong>reuploaded to Nexus</strong>, replacing the legitimate version with a <strong>poisoned artifact.</strong></p>
<figure id="attachment_30409" aria-describedby="caption-attachment-30409" style="width: 744px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30409" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/9-Uploading-the-malicious-binary.png" alt="Uploading the malicious binary" width="744" height="613" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/9-Uploading-the-malicious-binary.png 744w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/9-Uploading-the-malicious-binary-232x191.png 232w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/9-Uploading-the-malicious-binary-47x39.png 47w" sizes="auto, (max-width: 744px) 100vw, 744px" /><figcaption id="caption-attachment-30409" class="wp-caption-text">Uploading the malicious binary</figcaption></figure>
<p style="text-align: justify;">From this point onward, <strong>any CI/CD pipeline consuming the artifact</strong> automatically retrieves the <strong>compromised binary</strong> as part of its dependency resolution, as it’s still considered trusted.</p>
<figure id="attachment_30411" aria-describedby="caption-attachment-30411" style="width: 911px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30411" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/10-Malicious-binary-successfully-downloaded-from-Nexus.png" alt="Malicious binary successfully downloaded from Nexus" width="911" height="473" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/10-Malicious-binary-successfully-downloaded-from-Nexus.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/10-Malicious-binary-successfully-downloaded-from-Nexus-368x191.png 368w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/10-Malicious-binary-successfully-downloaded-from-Nexus-71x37.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/10-Malicious-binary-successfully-downloaded-from-Nexus-768x399.png 768w" sizes="auto, (max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30411" class="wp-caption-text">Malicious binary successfully downloaded from Nexus</figcaption></figure>
<p style="text-align: justify;">Upon execution, the <strong>poisoned binary activates the embedded malicious payload, </strong>which is designated to <strong>retrieve the AWS access token</strong> used by the <strong>Terraform execution</strong> context and send it to the attacker-controlled server for exfiltration. It then generates an <strong>obfuscated output encoded in Base32</strong>. Decoding allows reconstruction of a JSON object containing AWS credentials (AccessKeyId, SecretAccessKey, and SessionToken).</p>
<figure id="attachment_30413" aria-describedby="caption-attachment-30413" style="width: 911px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30413" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/11-Base32-decoded-payload-revealing-AWS-credentials-after-executing-the-malicious-Terraform-binary.png" alt="Base32-decoded payload revealing AWS credentials after executing the malicious Terraform binary" width="911" height="494" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/11-Base32-decoded-payload-revealing-AWS-credentials-after-executing-the-malicious-Terraform-binary.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/11-Base32-decoded-payload-revealing-AWS-credentials-after-executing-the-malicious-Terraform-binary-352x191.png 352w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/11-Base32-decoded-payload-revealing-AWS-credentials-after-executing-the-malicious-Terraform-binary-71x39.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/11-Base32-decoded-payload-revealing-AWS-credentials-after-executing-the-malicious-Terraform-binary-768x416.png 768w" sizes="auto, (max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30413" class="wp-caption-text">Base32-decoded payload revealing AWS credentials after executing the malicious Terraform binary</figcaption></figure>
<p style="text-align: justify;">The attacker configures these credentials locally and uses <strong>AWS STS</strong> (GetCallerIdentity API call) to confirm identity impersonation of the CI/CD runner. </p>
<figure id="attachment_30415" aria-describedby="caption-attachment-30415" style="width: 910px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30415" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/12-AWS-access.png" alt="AWS access" width="910" height="182" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/12-AWS-access.png 910w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/12-AWS-access-437x87.png 437w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/12-AWS-access-71x14.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/12-AWS-access-768x154.png 768w" sizes="auto, (max-width: 910px) 100vw, 910px" /><figcaption id="caption-attachment-30415" class="wp-caption-text">AWS access</figcaption></figure>
<p style="text-align: justify;">This illustration shows the attack chain: artifact compromise, injection of malicious logic, propagation through CI/CD pipelines, and eventual AWS credential theft leading environment compromise.</p>
<figure id="attachment_30417" aria-describedby="caption-attachment-30417" style="width: 911px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30417" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/13-Artifactory-compromise-dependency-poisoning.png" alt="Artifactory compromise - dependency poisoning" width="911" height="450" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/13-Artifactory-compromise-dependency-poisoning.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/13-Artifactory-compromise-dependency-poisoning-387x191.png 387w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/13-Artifactory-compromise-dependency-poisoning-71x35.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/13-Artifactory-compromise-dependency-poisoning-768x379.png 768w" sizes="auto, (max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30417" class="wp-caption-text">Artifactory compromise &#8211; dependency poisoning</figcaption></figure>
<p style="text-align: justify;">As a result, the attacker gains unauthorized access to AWS resources under the guise of a legitimate identity.</p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><strong><u>REMEDIATION – Improve Artifactory Access Management Controls</u></strong></p>
<p style="text-align: justify;">Artifact repositories such as Nexus are key CI/CD components used to store and distribute build dependencies and artifacts. They are high-value targets for supply chain attacks.</p>
<p style="text-align: justify;">Security requires strong access control, dependency governance, and continuous integrity monitoring.</p>
<p style="text-align: justify;"><em><u>Harden the artifact repository platform</u></em></p>
<ul style="text-align: justify;">
<li><strong>Allow wide read on repository only at two conditions:</strong> from needed service (CICD) and if password management in dependency exist,</li>
<li>Highly restrict <strong>writing permission</strong>,</li>
<li>Change <strong>default</strong></li>
</ul>
<p style="text-align: justify;"><em><u>Perform Software Composition Analysis (SCA)</u></em></p>
<ul style="text-align: justify;">
<li><strong>Apply Software Composition Analysis</strong> to both <strong>internal dependencies</strong> (stored in local repositories) and <strong>external ones</strong> (retrieved from remote or proxy repositories) to detect known vulnerabilities and outdated components.</li>
</ul>
<p style="text-align: justify;"><em><u>Restrict artifact sources</u></em></p>
<ul>
<li style="text-align: justify;"><strong>Maintain a whitelist of trusted repositories</strong> to ensure only approved sources are used,</li>
<li style="text-align: justify;"><strong>Enforce repository-level controls </strong>to exclude unapproved or vulnerable versions, for example in <strong>Nexus</strong>, or through exclusion rules in <strong>JFrog</strong> Artifactory,</li>
<li style="text-align: justify;"><strong>Prevent CI/CD pipelines from accessing untrusted external sources</strong> by enforcing strict repository boundaries.</li>
</ul>
<p> </p>
<h3>Cloud Compromise via CI/CD Workload Abuse</h3>
<p style="text-align: justify;">In cloud environments, <strong>CI/CD runners</strong> are typically assigned <strong>privileged IAM roles</strong> to perform deployment operations, including creating, modifying, and deleting infrastructure resources. These roles often include <strong>broad permissions</strong> such as <strong>AdministratorAccess</strong> or overly permissive custom policies, enabling the runner to interact with a wide range of AWS services including compute, storage, and identity management.</p>
<p style="text-align: justify;">When <strong>a CI/CD runner is compromised</strong>, an attacker can <strong>directly abuse these privileges</strong> without requiring further escalation. This can lead to <strong>immediate access</strong> to sensitive resources such as <strong>S3</strong> <strong>buckets</strong> or <strong>RDS databases</strong>, enabling <strong>data exfiltration</strong>. The attacker may also leverage <strong>IAM</strong> <strong>permissions</strong> to assume additional roles across <strong>other AWS accounts</strong> or <strong>projects</strong>, facilitating <strong>lateral</strong> <strong>movement</strong> within the organization. In addition, <strong>access to compute-related services</strong> can be abused to deploy, modify, or persist malicious workloads, ultimately resulting in a <strong>full compromise</strong> of the <strong>cloud environment</strong>.</p>
<p style="text-align: justify;">From developer compromise to Cloud takeover: full CI/CD attack path overview</p>
<p style="text-align: justify;">The CI/CD attack chain starts with the initial compromise of a developer and ends with the full takeover of the cloud environment.</p>
<p style="text-align: justify;">The following illustration highlights <strong>key detection and monitoring opportunities across the CI/CD ecosystem</strong>. It shows how security telemetry can be collected and correlated throughout the <strong>different stages</strong> of the CI/CD attack chain, from development activities to CI/CD <strong>runners, artifact repositories, and cloud IAM operations</strong>.</p>
<figure id="attachment_30419" aria-describedby="caption-attachment-30419" style="width: 911px" class="wp-caption aligncenter"><img loading="lazy" decoding="async" class="size-full wp-image-30419" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/14-Kill-chain-Detection.png" alt="Kill chain - Detection" width="911" height="409" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/14-Kill-chain-Detection.png 911w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/14-Kill-chain-Detection-425x191.png 425w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/14-Kill-chain-Detection-71x32.png 71w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/14-Kill-chain-Detection-768x345.png 768w" sizes="auto, (max-width: 911px) 100vw, 911px" /><figcaption id="caption-attachment-30419" class="wp-caption-text">Kill chain &#8211; Detection</figcaption></figure>
<p style="text-align: justify;">Overall, although CI/CD pipelines significantly expand the attack surface, they also provide multiple strategic interception points where centralized logging and security monitoring can enable early detection and response to malicious activity.</p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;">In conclusion, to achieve a <strong>secure CI/CD pipeline</strong>, security must be considered end-to-end, from developers’ environments to production systems.</p>
<p style="text-align: justify;"><strong>Developers are the first link in the chain</strong>, and securing their accounts is essential. This should be supported by good practices such as secure secret management and regular security awareness.</p>
<p style="text-align: justify;">It’s also important to ensure <strong>proper isolation between environments</strong> and to enforce strict <strong>least</strong> <strong>privilege</strong> for both <strong>users</strong> and <strong>service accounts</strong>.</p>
<p style="text-align: justify;">Security issues cannot be fixed by small patches if the overall pipeline design is weak.</p>
<p style="text-align: justify;">Finally<strong>, deployment use cases</strong> should be clearly defined from the start, as they directly drive the architecture and IAM design choices.</p>
<p style="text-align: justify;">Beyond these technical measures, <strong>CI/CD security must be continuously assessed through regular technical audits</strong> as well as <strong>organizational reviews</strong> of the development lifecycle to ensure risks remain under control as the environment evolves.</p>
<p style="text-align: justify;">For a broader perspective and <strong>higher-level recommendations</strong> on positioning CI/CD as a cornerstone of the information system, see the RiskInsight article: “<span style="color: #808080;"><a style="color: #808080;" href="https://www.riskinsight-wavestone.com/en/2025/09/ci-cd-the-new-cornerstone-of-the-information-system/">CI/CD: the new cornerstone of the information system</a></span>”.</p>
<p> </p>


<p>Cet article <a href="https://www.riskinsight-wavestone.com/en/2026/07/ci-cd-security-supply-chain-attack-from-a-compromised-developer/">CI/CD Security: Supply chain attack from a compromised developer</a> est apparu en premier sur <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.riskinsight-wavestone.com/en/2026/07/ci-cd-security-supply-chain-attack-from-a-compromised-developer/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
