THREATOPS
THREAT OPSThreat News › Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers

Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers

infosnykPublished 2026-04-27

Attackers exploited a GitHub Actions script injection vulnerability to publish a malicious version of the elementary-data Python CLI (v0.23.3), embedding a credential-stealing backdoor that targeted dbt profiles, cloud provider keys, and SSH secrets from data engineering environments.

MITRE ATT&CK techniques

Original source: https://snyk.io/blog/malicious-release-of-elementary-data-pypi-package-steals-cloud-credentials-from-data-engineers/