Seriously. All credentials compromised that it can see. It's active in CI/CD pipelines and follow on attacks are happening.