THREAT OPS › Threat News › Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
Attackers exploited a GitHub Actions script injection vulnerability to publish a malicious version of the elementary-data Python CLI (v0.23.3), embedding a credential-stealing backdoor that targeted dbt profiles, cloud provider keys, and SSH secrets from data engineering environments.
MITRE ATT&CK techniques
- CredentialsT1589.001