Executive Summary
In April 2026, the popular Python package 'elementary-data' (version 0.23.3) was compromised through a GitHub Actions script injection vulnerability. Attackers exploited this flaw to execute malicious code, leading to the unauthorized publication of a backdoored package on PyPI and a malicious Docker image. The compromised package, downloaded over 1.1 million times monthly, contained a secrets stealer targeting SSH keys, cloud credentials, and cryptocurrency wallets. Users who installed this version were advised to rotate all exposed credentials and restore their environments from a known safe point. This incident underscores the critical need for secure CI/CD pipelines and vigilant monitoring of open-source dependencies to prevent supply chain attacks.
Why This Matters Now
The 'elementary-data' package compromise highlights the escalating threat of supply chain attacks targeting widely-used open-source software. As attackers increasingly exploit CI/CD pipeline vulnerabilities, organizations must prioritize securing their development workflows and rigorously vet third-party dependencies to mitigate potential breaches.
Attack Path Analysis
An attacker exploited a GitHub Actions script injection vulnerability to gain unauthorized access to the elementary-data project's release pipeline. This allowed the attacker to escalate privileges by obtaining the GITHUB_TOKEN, enabling the creation of a malicious release. The compromised package was distributed via PyPI and Docker Hub, facilitating lateral movement to developers' systems. Upon installation, the package established command and control by executing a secrets stealer targeting sensitive data. The attacker exfiltrated credentials and other sensitive information from compromised systems. The impact included unauthorized access to developers' credentials and potential compromise of associated systems.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited a GitHub Actions script injection vulnerability by posting a malicious comment on a pull request, leading to the execution of attacker-controlled shell code.
MITRE ATT&CK® Techniques
Poisoned Pipeline Execution
Content Injection
Valid Accounts
Credentials in Files
JavaScript
Process Injection
Archive Collected Data
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Secure Software Development
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Training and Monitoring
Control ID: 500.14
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Data Security
Control ID: Pillar 3
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Direct exposure to PyPI supply chain attacks targeting development tools, compromising developer credentials, SSH keys, and CI/CD secrets through malicious package dependencies.
Information Technology/IT
High risk from compromised data observability tools affecting infrastructure management, with potential exposure of cloud credentials, Kubernetes secrets, and system configuration data.
Financial Services
Critical threat from cryptocurrency wallet theft capabilities and potential compromise of financial data pipelines using affected elementary-data package in analytics workflows.
Health Care / Life Sciences
Significant compliance risk under HIPAA regulations due to potential data pipeline compromises and unauthorized access to sensitive healthcare analytics infrastructure.
Sources
- PyPI package with 1.1M monthly downloads hacked to push infostealer: https://www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/
- Chainguard customers safe from elementary-data compromise: https://www.chainguard.dev/unchained/chainguard-customers-safe-from-elementary-data-compromise
- Script injections - GitHub Docs: https://docs.github.com/en/actions/concepts/security/script-injections
Cloud Native Security Fabric Mitigations and Controls (CNSF)
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies, thereby reducing the blast radius of the compromise.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to execute unauthorized code within the cloud environment would likely be constrained, limiting the initial foothold gained through the GitHub Actions vulnerability.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges by accessing sensitive tokens would likely be limited, reducing the risk of unauthorized actions within the release pipeline.
Control: East-West Traffic Security
Mitigation: The attacker's ability to propagate the malicious package to developers' systems would likely be constrained, limiting lateral movement within the network.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be limited, reducing the effectiveness of the secrets stealer.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, reducing the risk of data loss.
The overall impact of the attack would likely be reduced, limiting unauthorized access to credentials and associated systems.
Impact at a Glance
Affected Business Functions
- Data Pipeline Monitoring
- Data Quality Assurance
- Data Analytics
Estimated downtime: 3 days
Estimated loss: $50,000
Data targeted: SSH keys, Git credentials, cloud credentials (AWS/GCP/Azure), Kubernetes, Docker, and CI secrets, .env files, developer tokens, cryptocurrency wallet files
Recommended Actions
Key Takeaways & Next Steps
- Implement strict input validation and sanitization in CI/CD pipelines to prevent script injection vulnerabilities.
- Enforce least privilege access controls for CI/CD tokens and credentials to minimize potential misuse.
- Regularly audit and monitor CI/CD workflows for unauthorized changes or anomalies.
- Utilize code signing and integrity checks to verify the authenticity of software packages before deployment.
- Educate developers on supply chain security risks and best practices to enhance overall security posture.



