GitHub investigates attack via malicious VS Code extension
Briefly

Attackers gained access to GitHub's internal repositories through a malicious Visual Studio Code extension. GitHub reported no indication that customer information outside those internal repositories (enterprise environments, organizations, or customer repositories) had been compromised, and said it is monitoring its infrastructure for follow-up activity. GitHub later stated that the poisoned extension was likely the entry point and that it is analyzing log files, replacing access credentials, and increasing monitoring to detect additional attacker activity. The attackers' claim of roughly 3,800 compromised repositories matches GitHub's initial findings, and the group may be linked to the Shai-Hulud malware campaign, which has circulated in the npm ecosystem and targets development environments. Online reports also describe the attackers offering internal GitHub source code for sale, citing about 4,000 repositories and threatening public release if no buyer appears; these claims have not been independently confirmed. Developers are concerned about whether long-term access could lead to exposure of commercial code and secrets.
"We are investigating unauthorized access to GitHub's internal repositories. At this time, we have no indication that customer information outside of those internal repositories (such as enterprise environments, organizations, or customer repositories) has been compromised. However, we are closely monitoring our infrastructure for any potential follow-up activity."
"Later, the platform announced that a poisoned VS Code extension was likely the entry point for the attack. GitHub says it is currently analyzing log files, replacing access credentials, and conducting additional monitoring to detect follow-up activities by attackers."
"According to GitHub, the attackers' claims regarding approximately 3,800 compromised repositories align with the initial investigation findings. This may involve the same group linked to the Shai-Hulud malware campaign. That malware has been circulating within the npm ecosystem for some time and is associated with multiple attacks on development environments."
"Reports have appeared online in which the attackers claim to be offering internal GitHub source code for sale. They mention approximately 4,000 repositories. The group reportedly stated that they would make the code public if no buyer is found. Such statements have not yet been independently confirmed."
Read at Techzine Global