Alajir Stack
2026-05-02

New Software Supply Chain Attack Leverages Sleeper Packages for Credential Theft and Pipeline Exploitation

A new supply chain attack uses sleeper packages (Ruby gems, Go modules) from BufferZoneCorp to steal credentials, tamper with GitHub Actions, and establish SSH persistence via CI pipelines.

Overview of the Campaign

Security researchers have uncovered a sophisticated software supply chain attack that uses seemingly innocuous 'sleeper packages' as a stepping stone to deploy malicious payloads. The campaign targets development environments, specifically exploiting CI/CD pipelines to steal credentials, tamper with GitHub Actions workflows, and establish SSH persistence. The activity has been linked to the GitHub account BufferZoneCorp, which published a series of repositories containing malicious Ruby gems and Go modules.

Source: feeds.feedburner.com

Unlike traditional attacks that immediately deliver malware, this campaign employs a delayed activation mechanism. The sleeper packages appear benign during initial inspection but later execute harmful code once integrated into a developer's pipeline. This stealthy approach has allowed the threat actor to compromise multiple organizations before detection.

How the Attack Unfolds

Sleeper Packages as Trojan Horses

The attack begins with the distribution of malicious gems and modules. These packages contain legitimate functionality to avoid suspicion but include hidden code that triggers after a preset condition—such as a specific date or a build failure. Once activated, the payload downloads additional scripts from a remote server, initiating the credential theft phase. The use of sleeper techniques evades static analysis and sandboxing.

Credential Theft via Environment Exposure

Once the sleeper package is triggered, it scans the CI environment for exposed secrets, including API keys, AWS tokens, and database credentials. The stolen data is exfiltrated to an attacker-controlled endpoint. Because CI pipelines often store secrets as environment variables, this method is highly effective. The attackers can then use these credentials to move laterally within the target network or access cloud resources.

GitHub Actions Tampering

In addition to credential theft, the malicious payload modifies GitHub Actions workflow files. By injecting new steps or altering existing ones, the attacker can execute arbitrary code in subsequent builds. This tampering allows them to maintain persistence, even if the original sleeper package is removed. For example, they might add a step that sends secret keys to an external server during every build.

SSH Persistence Mechanisms

To ensure long-term access, the campaign installs SSH keys on the compromised build runners. This gives the attacker persistent shell access to the infrastructure hosting the CI pipelines. By adding public keys to the authorized_keys file, they can connect at any time and carry out further attacks. This persistence survives container restarts and pipeline resets.
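The workflow tampering and authorized_keys changes described in the two sections above can be caught by hashing those files before dependencies install and again after the build. The following is an added example, not code from the article or the researchers; the function names, the runner directory layout and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(repo_root, home):
    """Hash every workflow file plus the runner user's authorized_keys."""
    targets = sorted(Path(repo_root, ".github", "workflows").glob("*.y*ml"))
    targets.append(Path(home, ".ssh", "authorized_keys"))
    return {str(p): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in targets if p.is_file()}


def diff_snapshots(before, after):
    """Return (change, path) pairs; an empty list means nothing was touched."""
    findings = []
    for path in sorted(set(before) | set(after)):
        if path not in before:
            findings.append(("created", path))
        elif path not in after:
            findings.append(("deleted", path))
        elif before[path] != after[path]:
            findings.append(("modified", path))
    return findings


def demo():
    """Constructed runner layout; the writes stand in for a tampering build step."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, home = Path(tmp, "repo"), Path(tmp, "home")
        workflows = repo / ".github" / "workflows"
        workflows.mkdir(parents=True)
        ci = workflows / "ci.yml"
        ci.write_text("jobs:\n  build:\n    steps:\n      - run: make test\n")
        before = snapshot(repo, home)          # taken before dependencies install
        ci.write_text(ci.read_text() + "      - run: ./unreviewed-step.sh\n")
        (home / ".ssh").mkdir(parents=True)
        (home / ".ssh" / "authorized_keys").write_text("ssh-ed25519 CONSTRUCTED-KEY\n")
        after = snapshot(repo, home)           # taken after the build finishes
        return [(change, Path(p).relative_to(tmp).as_posix())
                for change, p in diff_snapshots(before, after)]


if __name__ == "__main__":
    for change, path in demo():
        print(f"{change}: {path}")   # a real CI step would exit non-zero on any finding
```

Keep the "before" snapshot somewhere the build itself cannot rewrite, such as a separate job or a read-only mount, so that code running inside the build cannot also adjust the baseline.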

Attribution and Discovery

The GitHub account BufferZoneCorp has been identified as the source of the malicious repositories. While the account profile appears legitimate, the packages it published have been confirmed as harmful. Researchers from multiple security firms have analyzed the code and linked the signatures to previous supply chain attacks. As of the latest report, GitHub has been notified and some repositories have been taken down, but it remains unclear how many organizations were impacted before detection.

The campaign highlights the evolving threat landscape where attackers invest in stealth and persistence. Rather than relying on zero-day exploits, they abuse trust in open-source ecosystems and CI pipeline automation.

Mitigation Recommendations

To defend against such sleeper package attacks, organizations should implement the following measures:

  • Verify package sources: Always download gems and modules from trusted registries and check the publisher's history. Avoid packages from unverified accounts like BufferZoneCorp.
  • Use static and dynamic analysis: Run CI pipeline scans with tools that can detect delayed-activation code, for example by taint tracking or by flagging time-based triggers.
  • Limit secret exposure: Rotate secrets frequently and use short-lived tokens. Avoid storing plaintext credentials in environment variables where possible.
  • Monitor GitHub Actions modifications: Set up alerts for any changes to workflow files. Review commits that alter build steps, especially those originating from automated dependencies.
  • Implement SSH key management: Restrict automatic SSH key installation on runners. Use ephemeral containers that reset after each build.
  • Conduct supply chain audits: Regularly audit all dependencies and third-party packages in use. Remove those with unknown maintainers or suspicious update patterns.
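For the "Limit secret exposure" item, one approach is to run dependency install and build commands in a child process that receives only an allowlisted environment, so package code has no pipeline secrets to scan. This is an added example, not from the article; the `ALLOWED` set, the `SECRET_HINT` pattern and every sample value are assumptions to adapt per pipeline.

```python
import os
import re
import subprocess
import sys

# Assumed allowlist: variables a gem or module install typically needs.
ALLOWED = {"PATH", "HOME", "LANG", "TMPDIR", "GEM_HOME", "GOPATH", "GOCACHE", "GOFLAGS"}
# Name hints used only for the audit report, never as the filter itself.
SECRET_HINT = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY|ACCESS_KEY|CREDENTIAL", re.I)


def split_env(env):
    """Return (clean, withheld, flagged): kept vars, dropped names, secret-looking names."""
    clean = {k: v for k, v in env.items() if k in ALLOWED}
    withheld = sorted(k for k in env if k not in ALLOWED)
    flagged = [k for k in withheld if SECRET_HINT.search(k)]
    return clean, withheld, flagged


def run_isolated(cmd, env):
    """Run an install or build command that sees only the allowlisted variables."""
    clean, _, _ = split_env(env)
    return subprocess.run(cmd, env=clean, capture_output=True, text=True, check=False)


# Constructed CI environment; every value is a placeholder.
SAMPLE_ENV = {
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "HOME": "/home/runner",
    "GEM_HOME": "/home/runner/.gem",
    "GITHUB_TOKEN": "constructed-placeholder",
    "AWS_SECRET_ACCESS_KEY": "constructed-placeholder",
    "DATABASE_URL": "postgres://constructed-placeholder",
}


def demo():
    """Child process reports the variable names it can see."""
    probe = [sys.executable, "-c", "import os; print(' '.join(sorted(os.environ)))"]
    return run_isolated(probe, SAMPLE_ENV).stdout.split()


if __name__ == "__main__":
    _, withheld, flagged = split_env(SAMPLE_ENV)
    print("withheld:", withheld)
    print("flagged by name:", flagged)   # DATABASE_URL is withheld but not flagged
    print("child sees:", demo())
```

The allowlist withholds `DATABASE_URL` even though the name pattern does not flag it, which is why the filter is an allowlist and the pattern serves only for reporting.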

Conclusion

The poisoned Ruby gems and Go modules campaign attributed to BufferZoneCorp underscores a critical vulnerability in modern CI/CD practices. By exploiting trust and delayed execution, attackers can achieve credential theft and pipeline manipulation without immediate detection. Organizations must adopt a proactive security posture, focusing on dependency hygiene, pipeline integrity, and continuous monitoring. As supply chain attacks grow more sophisticated, the developer community must remain vigilant.