Skip to content
supplychainattack.orgSupply chain attack incident catalog

prt-scan supply chain incidents

Campaign named by Wiz in which a single operator used six GitHub accounts and AI-assisted automation to exploit pull_request_target GitHub Actions workflows at scale.

Also tracked as: prt-scan campaign

1 confirmed incident publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.

  1. activehigh

    Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign

    A coordinated supply chain campaign dubbed "prt-scan" involved a single attacker controlling six GitHub accounts to exploit the pull_request_target GitHub Actions trigger. The campaign represents a follow-up to the earlier hackerbot-claw campaign, targeting CI/CD workflows with AI-powered attack methods.

    prt-scanOtherMalicious commitAccount takeover