Doing a bit of investigation with github_events in clickhouse, it is quite clear that the accounts used to perform the attack was "2ft2dKo28UazTZ", "mmvojwip" also seems suspicious:
It seems i forgot to cater for the quota applied to free "play" user in ClickHouse in my previous query... In fact, the threat actor did a lot more... this should give a better list of actions that was performed - Clearly showed he was testing his payload:
Nice find. Its a bit strange that the PRs listed there, are not present at all in the coinbase repo. Seems like the attack was directed there, but I also did not hear anything from Coinbase on this.
eg. Target their NPM and PYPI tokens, so they can push compromised packages.
I wonder if they forked it to "experiment" with the workflow coinbase has and doesn't actually make any pull request toward them, perhaps to validate their hypothesis/attack. with that said, coinbase pulled the workflow that used tj-actions/changed-files immediately around this time so hopefully no harm was done
https://github.com/coinbase/agentkit/pull/570/files
Note that these account seems to be deleted now - 2ft2dKo28UazTZ clearly did more than just changed-files and also seem to target coinbase/agentkit as well (Actually .. they might be targeted by the threat actor)
The attacker was trying to compromise agentkit and found changed-files used in the repo so looked around. Found that it was using a bot with a PAT to release.
Totally possible the bot account had a weak password, and the maintainer said it didn't have 2FA.
They got the release bot PAT so they tried possibly quite an obvious vector that. They didn't need anything sophisticated or to exfil the credentials because agentkit is public.
It just so happened that it was detected before agentkit updated dependencies.
It's possible that with if thye had checked the dependabot config they could've timed it a bit better so that it's picked up in agentkit before being detected.
edit: Although, I don't think PATs are visible after they're generated?
https://play.clickhouse.com/play?user=play#c2VsZWN0ICogZnJvb...