Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
A coordinated supply chain campaign dubbed "prt-scan" involved a single attacker controlling six GitHub accounts to exploit the pull_request_target GitHub Actions trigger. The campaign represents a follow-up to the earlier hackerbot-claw campaign, targeting CI/CD workflows with AI-powered attack methods.
- Disclosed: April 4, 2026
- Last updated: June 7, 2026
- Blast radius: supply chain developers using prt-scan and similar CI/CD systems that rely on the pull_request_target trigger
- Affected entities: prt-scan (target of a supply chain campaign exploiting the pull_request_target GitHub Actions feature)
A sophisticated supply chain campaign targeting CI/CD infrastructure has been identified by Wiz researchers. The attack, named the "prt-scan" campaign, involved a single attacker operating six separate GitHub accounts to exploit the pull_request_target GitHub Actions trigger—a known vector for code injection in CI/CD pipelines.
This campaign represents a continuation of threats earlier demonstrated by the "hackerbot-claw" campaign, confirming that adversaries are actively developing repeatable tactics against GitHub Actions workflows. The pull_request_target trigger runs a workflow in the context of the base branch even though the pull request that fired it comes from an untrusted contributor; when such a workflow checks out the pull request's code or interpolates its fields, the boundary between contributor input and repository context collapses, and malicious inputs execute with the base repository's privileges.
Wiz researchers traced the attacker's activity back three weeks before public detection, indicating the campaign had been operating covertly while establishing infrastructure across multiple accounts. The use of multiple accounts suggests sophistication in obfuscating attack patterns and distributing malicious actions across the supply chain.
The campaign highlights the ongoing threat to development infrastructure and the need for organizations to audit pull request handling in their CI/CD pipelines.
Remediation
- Audit and restrict use of pull_request_target in GitHub Actions workflows; prefer pull_request trigger with explicit secret management
- Implement mandatory code review and approval gates for all pull requests before CI/CD execution
- Monitor GitHub account activity for suspicious patterns, including mass account creation and coordinated pull request activity
- Apply the principle of least privilege to GitHub Actions secrets and environment variables
- Use tools to detect and alert on unusual CI/CD pipeline modifications or account behavior
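As an added example that is not part of this catalog entry or of any Wiz tooling, the following Python script implements the first remediation item as a heuristic audit of GitHub Actions workflow text for the pull_request_target pattern described above (a PR-triggered job in base-branch context that checks out the PR head, interpolates PR fields, or references secrets). Both workflow samples are constructed; the project name and the NPM_TOKEN secret are hypothetical.

```python
import re

# Constructed sample (hypothetical project) of the weak pattern this entry warns about:
# pull_request_target runs with base-branch secrets, yet the job checks out and runs
# the contributor's PR head and echoes the PR title into a shell command.
UNSAFE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "PR ${{ github.event.pull_request.title }}" && npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed remediated form: plain pull_request trigger (fork PRs get no repository
# secrets), default checkout of the merge ref, and no untrusted interpolation.
SAFE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

# Heuristic line patterns, not a YAML parser; enough to triage .github/workflows/*.yml.
PRT_TRIGGER = re.compile(r"^\s*(on:.*\bpull_request_target\b|pull_request_target\s*:)", re.M)
PR_HEAD_CHECKOUT = re.compile(r"ref:\s*\$\{\{\s*github\.(event\.pull_request\.head\.(sha|ref)|head_ref)")
UNTRUSTED_FIELD = re.compile(r"github\.(event\.pull_request\.(title|body|head\.ref)|head_ref)")
SECRET_USE = re.compile(r"\$\{\{\s*secrets\.\w+")


def audit_workflow(text: str) -> list[str]:
    """Return findings for one workflow file; an empty list means no pull_request_target risk."""
    findings = []
    if not PRT_TRIGGER.search(text):
        return findings  # only pull_request_target hands a PR-triggered job base-branch context
    if PR_HEAD_CHECKOUT.search(text):
        findings.append("checks out untrusted PR head under pull_request_target")
    if UNTRUSTED_FIELD.search(text):
        findings.append("interpolates an attacker-controlled PR field into the job")
    if SECRET_USE.search(text):
        findings.append("exposes repository secrets to the PR-triggered job")
    return findings
```

Run it over every file under .github/workflows/ and treat any non-empty result as a workflow to move to the pull_request trigger or to strip of PR-controlled checkout and secrets.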
Cite this entry
"Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed April 4, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign-1s2s4f
Related incidents
- Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets (contained, critical)
  On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote git tags across multiple Composer packages to distribute malicious payloads that exfiltrate CI secrets. The attack affected laravel-lang/http-statuses, laravel-lang/actions, and laravel-lang/attributes, targeting developers who ran composer update or fresh installations.
  Tags: Other, Account takeover, Malicious commit
- xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning (contained, critical)
  The official Xygeni GitHub Action (xygeni-action) was compromised on March 3, 2026, via stolen maintainer credentials. An attacker injected a C2 reverse shell backdoor and moved the mutable v5 tag to the malicious commit, silently affecting all workflows referencing @v5. The v5 tag remained poisoned as of March 9, 2026.
  Tags: Other, Account takeover, Malicious commit
- Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents (contained, critical)
  On June 5, 2026, the Miasma worm campaign compromised Microsoft's Azure GitHub organizations by pushing a malicious commit to the Azure/durabletask repository using a compromised contributor account. GitHub disabled 73 repositories across four Microsoft organizations after configuration files were planted to harvest credentials when developers opened repositories in AI coding agents like Claude Code, Gemini CLI, Cursor, or VS Code.
  Tags: Miasma, AI agents & skills, Malicious commit, Account takeover
- Axios NPM Distribution Compromised in Supply Chain Attack (active, high)
  A compromised axios maintainer account led to malicious npm releases affecting projects with active dependencies on the package. The incident involved unauthorized releases propagated through the npm distribution network.
  Tags: UNC1069, npm, Account takeover, Malicious commit