GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
Briefly

“While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity,” the Microsoft-owned subsidiary said.
“As always, this is not a ransom,” the group said in a post, according to screenshots shared by Dark Web Informer. “We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free.”
“The attacker compromised a GitHub account via a previous attack, dumped GitHub secrets from a repository to which the user had access, and from there had access to the PyPI token to publish directly,” Google-owned Wiz said.
“The payload embedded into the package is a dropper, which is configured to fetch and run a second-stage payload (“rope
GitHub is investigating unauthorized access to its internal repositories after TeamPCP listed GitHub source code and internal organizations for sale on a cybercrime forum. GitHub stated there is currently no evidence that customer information stored outside GitHub internal repositories was impacted, and it is monitoring infrastructure for follow-on activity. GitHub said it will notify customers through established incident response and notification channels if any impact is discovered. TeamPCP allegedly offered about 4,000 repositories for at least $50,000 and claimed the activity is not ransom. TeamPCP’s malware campaign also compromised the durabletask PyPI package by using a previously compromised GitHub account, dumping repository secrets, obtaining a PyPI token, and publishing malicious package versions containing a dropper that fetches and runs a second-stage payload.
Read at The Hacker News