Security researchers at Datadog Security Labs have uncovered a sophisticated attack campaign where threat actors are leveraging dormant GitHub accounts to systematically map corporate infrastructures while maintaining a low profile. These "ghost" accounts, often inactive for years, provide the perfect camouflage for attackers as they discreetly scan organizations, repositories, and user data through GitHub's API.
The campaigns discovered involve automated reconnaissance tools that utilize custom user agents designed to mimic legitimate GitHub activity. By compromising long-dormant accounts or OAuth tokens, attackers exploit inherent trust in established profiles. This technique allows them to avoid triggering security alerts that might typically flag newly created accounts attempting to access sensitive organizational resources. Companies with substantial GitHub presence across multiple repositories appear to be the primary targets, though any organization with public or private GitHub infrastructure could potentially be affected.
This methodical mapping of GitHub organizations presents serious
Comments (0)
Leave a Comment
No comments yet. Be the first to comment!