Trivy Supply Chain Attack: Mandiant Warns 10,000+ Downstream Victims as Extortion Wave Begins

2026-04-03T15:51:25.714Z·1 min read
Mandiant is responding to a major ongoing supply-chain attack involving the compromise of Trivy, a widely-used open-source security tool from Aqua Security used to find vulnerabilities in code repositories.

The Attack

Target: Trivy (Aqua Security's open-source vulnerability scanner)
Detected: March 19, 2026
Initial breach: Late February 2026
Method: Stole privileged access token via GitHub Actions misconfiguration
Current victims: 1,000+ SaaS environments (actively responding)
Projected victims: Up to 10,000 downstream organizations

Attack Timeline

  1. Late February: Attackers exploit Trivy's GitHub Actions misconfiguration to steal privileged access token
  2. March 1: Aqua Security changes credentials, but the fix fails — attacker retains valid logins
  3. March 19: Attackers publish malicious Trivy releases containing backdoors
  4. Ongoing: Mandiant responding; widespread breach disclosures expected

Why It's Devastating

Trivy is designed to find vulnerabilities — meaning organizations that used it were literally running security scans with compromised software that had access to their secrets. The irony is brutal.

Expert Quote

Charles Carmakal (Mandiant CTO): "That thousand-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000. There will likely be many other software packages, supply-chain attacks and a variety of other compromises."

Action Required

Organizations using Trivy should:

  1. Immediately update to the latest verified version
  2. Rotate all credentials and secrets that may have been exposed
  3. Audit GitHub Actions and CI/CD pipelines for unauthorized access
  4. Monitor for extortion attempts
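A first concrete step for item 3 is an inventory of where Trivy enters your pipelines and by what reference. The script below is an added example, not code from the article, from Mandiant or from Aqua Security. It scans GitHub Actions workflow text for `uses:` lines, reports which ones pull Trivy, and flags every reference that is a mutable tag or branch rather than a full commit SHA or image digest, because a mutable reference cannot tell you after the fact which release actually ran. It assumes (the article does not say) that Trivy is consumed through the `aquasecurity/trivy-action` action or the `aquasec/trivy` container image; the workflow text and the commit SHA in it are constructed for the demonstration.

```python
"""Inventory Trivy references in GitHub Actions workflows and flag mutable ones.

Added example (not from the article or from Aqua Security). Assumptions:
Trivy enters the pipeline via `aquasecurity/trivy-action` or the
`aquasec/trivy` image; SAMPLE_WORKFLOW below is constructed test input.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# `uses: owner/repo[/path]@ref`, `uses: docker://image[:tag][@sha256:...]`, or `uses: ./local`
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA40_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
TRIVY_MARKERS = ("aquasecurity/trivy-action", "aquasec/trivy")  # assumption, see docstring


@dataclass
class UsesRef:
    line_no: int
    target: str    # action repo or image name, e.g. "aquasecurity/trivy-action"
    ref: str       # tag, branch, commit SHA or image digest
    is_trivy: bool
    pinned: bool   # True only for a 40-hex commit SHA, an image digest, or an in-repo action


def _split_image(image: str) -> Tuple[str, str]:
    """Split `registry/name:tag` into (name, tag); a ':' before the last '/' is a registry port."""
    slash, colon = image.rfind("/"), image.rfind(":")
    if colon > slash:
        return image[:colon], image[colon + 1:]
    return image, "latest"


def parse_uses(line_no: int, spec: str) -> UsesRef:
    """Classify one `uses:` value as pinned (immutable) or mutable."""
    if spec.startswith("docker://"):
        image = spec[len("docker://"):]
        if DIGEST_RE.search(image):
            name, _, digest = image.rpartition("@")
            target, ref, pinned = _split_image(name)[0], digest, True
        else:
            target, ref = _split_image(image)
            pinned = False
    elif spec.startswith(("./", "../")):
        target, ref, pinned = spec, "", True  # in-repo action, versioned with the repo itself
    else:
        target, _, ref = spec.partition("@")
        pinned = bool(SHA40_RE.match(ref))
    is_trivy = any(marker in target for marker in TRIVY_MARKERS)
    return UsesRef(line_no, target, ref, is_trivy, pinned)


def audit_workflow(text: str) -> List[UsesRef]:
    """Return every `uses:` reference found in one workflow file's text."""
    refs = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            refs.append(parse_uses(n, m.group(1)))
    return refs


def unpinned_trivy(refs: List[UsesRef]) -> List[UsesRef]:
    """Trivy references that resolve to whatever the upstream tag points at today."""
    return [r for r in refs if r.is_trivy and not r.pinned]


# Constructed sample workflow; the 40-hex SHA is a placeholder, not a real Trivy commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy (mutable tag)
        uses: aquasecurity/trivy-action@v0.28.0
      - name: Trivy (commit-pinned)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - name: Trivy container (mutable tag)
        uses: docker://aquasec/trivy:latest
"""


def main() -> int:
    refs = audit_workflow(SAMPLE_WORKFLOW)
    for r in refs:
        kind = "TRIVY " if r.is_trivy else "      "
        state = "pinned " if r.pinned else "MUTABLE"
        print(f"line {r.line_no:>3} {kind}{state} {r.target}@{r.ref}")
    bad = unpinned_trivy(refs)
    print(f"{len(bad)} Trivy reference(s) not pinned to a commit SHA or image digest")
    return 1 if bad else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

To run it over a real repository, replace `SAMPLE_WORKFLOW` with the contents of each file under `.github/workflows/` and treat a non-zero exit as a finding. Pinning is only as good as the commit it names, so pair this with item 1: pin to a SHA you have confirmed belongs to a verified release, not to whatever the tag currently resolves to.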
↗ Original source · 2026-04-03T00:00:00.000Z