Executive Summary
In early March 2026, cybersecurity researchers identified a coordinated supply chain attack involving five malicious Rust crates—'chrono_anchor', 'dnp3times', 'time_calibrator', 'time_calibrators', and 'time-sync'—that masqueraded as time-related utilities. These crates exfiltrated sensitive '.env' files containing developer secrets to attacker-controlled infrastructure. Concurrently, an AI-powered bot named 'hackerbot-claw' exploited misconfigured GitHub Actions workflows in major open-source repositories, achieving remote code execution and stealing access tokens. This bot targeted repositories from organizations such as Microsoft, Datadog, and Aqua Security, leading to unauthorized code execution and potential repository takeovers. These incidents underscore the escalating threats to software supply chains, particularly through the exploitation of CI/CD pipeline vulnerabilities and the use of AI-driven automation in cyber attacks. Organizations must prioritize securing their development environments by auditing dependencies, implementing strict access controls, and continuously monitoring for anomalous activities to mitigate such risks.
Why This Matters Now
The recent incidents involving malicious Rust crates and the 'hackerbot-claw' AI bot highlight the urgent need for organizations to secure their CI/CD pipelines and software supply chains. As attackers increasingly leverage automation and AI to exploit vulnerabilities, it is crucial to implement robust security measures, conduct regular audits, and stay vigilant against evolving threats to protect sensitive developer secrets and maintain the integrity of software development processes.
Attack Path Analysis
The adversary initiated the attack by publishing five malicious Rust crates masquerading as time-related utilities to crates.io, leading developers to incorporate them into their projects. Upon execution within CI/CD pipelines, these crates accessed and exfiltrated sensitive information from .env files, transmitting the data to attacker-controlled infrastructure. The exfiltration was facilitated through the existing command and control channels established by the malicious crates. The stolen credentials enabled the adversary to gain unauthorized access to downstream environments, including cloud services and databases, potentially leading to further exploitation and compromise.
Kill Chain Progression
Initial Compromise
Description
The adversary published five malicious Rust crates posing as time-related utilities to crates.io, leading developers to incorporate them into their projects.
Related CVEs
CVE-2026-28353
CVSS 10
The Trivy VSCode Extension version 1.8.12, distributed via OpenVSX marketplace, was compromised to include malicious code that leverages local AI coding agents to collect and exfiltrate sensitive information.
Affected Products:
Aqua Security Trivy VSCode Extension – 1.8.12
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Supply Chain
User Execution
Masquerading
Unsecured Credentials: Credentials in Files
Data from Local System
Acquire Infrastructure: Domains
Application Layer Protocol: Web Protocols
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change Control Processes
Control ID: 6.4.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Data
Control ID: Pillar 3
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply-chain attacks targeting Rust crates and CI/CD pipelines directly compromise software development environments, exposing API keys, tokens, and deployment credentials critical to software engineering operations.
Information Technology/IT
Malicious dependencies and AI-powered CI/CD exploitation threaten IT infrastructure security, requiring enhanced egress filtering, zero trust segmentation, and multicloud visibility controls for protection.
Computer/Network Security
Cybersecurity firms face direct targeting as demonstrated by Aqua Security compromise, with attackers exploiting security tools and VS Code extensions to weaponize AI coding agents.
Financial Services
Supply-chain compromises targeting developer secrets pose severe risks to financial institutions' API keys, database tokens, and cloud service credentials, threatening regulatory compliance and customer data.
Sources
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets: https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html (Verified)
- CVE-2026-28353 Detail: https://nvd.nist.gov/vuln/detail/CVE-2026-28353 (Verified)
- Trivy VSCode Extension Security Advisory: https://github.com/aquasecurity/trivy-vscode-extension/security/advisories/GHSA-8mr6-gf9x-j8qg (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the adversary's ability to exploit malicious crates, exfiltrate sensitive data, and move laterally within cloud environments, thereby reducing the overall blast radius of the attack.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The adversary's ability to introduce and execute malicious code within the development environment would likely be constrained, reducing the risk of initial compromise.
Control: Zero Trust Segmentation
Mitigation: The adversary's ability to access sensitive information within the CI/CD environment would likely be constrained, reducing the risk of privilege escalation.
Control: East-West Traffic Security
Mitigation: The adversary's ability to move laterally within the cloud environment would likely be constrained, reducing the risk of further compromise.
Control: Multicloud Visibility & Control
Mitigation: The adversary's ability to establish and maintain command and control channels would likely be constrained, reducing the risk of data exfiltration.
Control: Egress Security & Policy Enforcement
Mitigation: The adversary's ability to exfiltrate sensitive data to external infrastructure would likely be constrained, reducing the risk of data loss.
The adversary's ability to exploit compromised credentials would likely be constrained, reducing the risk of further system compromise.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD)
Estimated downtime: 7 days
Estimated loss: $50,000
API keys, tokens, and other secrets stored in .env files
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access between workloads and prevent unauthorized lateral movement.
- Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration to unauthorized destinations.
- Utilize Multicloud Visibility & Control to monitor and detect anomalous activities across cloud environments.
- Apply Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious behaviors in real-time.
- Regularly audit and secure CI/CD pipelines to prevent the incorporation of malicious dependencies and ensure the integrity of the software supply chain.
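As a concrete form of the dependency audit recommended above, the following added example (not code from this report or from any project it names) scans the text of a Cargo.lock file for the five crate names listed in the Executive Summary. The name normalization, the `Finding` type, and the sample lockfile are assumptions made for illustration; a match is a lead to investigate, and `from_registry` separates registry downloads from local crates that merely share a name.

```rust
// Added example: flag Cargo.lock packages whose names appear in this report.
const FLAGGED: [&str; 5] =
    ["chrono_anchor", "dnp3times", "time_calibrator", "time_calibrators", "time-sync"];

#[derive(Debug, PartialEq)]
pub struct Finding { pub name: String, pub version: String, pub from_registry: bool }

// Value of a `key = "value"` line, or None when the line has a different key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}
// Assumption: names are compared case-insensitively with '-' and '_' treated alike.
fn norm(name: &str) -> String { name.replace('-', "_").to_ascii_lowercase() }

pub fn audit_lockfile(lock: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        let (mut name, mut version, mut source) = ("", "", "");
        for line in block.lines() {
            if let Some(v) = field(line, "name") { name = v; }
            else if let Some(v) = field(line, "version") { version = v; }
            else if let Some(v) = field(line, "source") { source = v; }
        }
        if FLAGGED.iter().any(|f| norm(f) == norm(name)) {
            // Path and workspace crates carry no `source`; registry crates do.
            let from_registry = source.starts_with("registry+");
            findings.push(Finding { name: name.into(), version: version.into(), from_registry });
        }
    }
    findings
}

// Constructed sample lockfile; package versions are placeholders.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "serde"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "time_calibrator"
version = "0.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "time_sync"
version = "0.1.0"
"#;

fn main() { for f in audit_lockfile(SAMPLE_LOCK) { println!("{:?}", f); } }
```

Running the check in CI against the committed lockfile, and failing the job on any finding with `from_registry` set, catches the dependency before the build step executes it.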



