GitHub said in an advisory that an ongoing phishing campaign is targeting its users by impersonating the CircleCI DevOps platform in order to steal credentials and two-factor authentication (2FA) codes and take over GitHub accounts.
The Microsoft-owned code hosting service discovered the attack on September 16, 2022, and said the campaign impacted "many victim organizations." Users received notifications suggesting that their CircleCI sessions had expired and that they should log in using their GitHub credentials by clicking on a link.
Accounts protected by hardware security keys are not vulnerable to this attack, according to Alexis Wales of GitHub.
An attacker who gains unauthorized access to an account might create GitHub personal access tokens, authorize OAuth applications, or add SSH keys. The attacker has also been downloading private repository content and, if the compromised account has management permissions over an organization, even creating new accounts in that organization.
GitHub has taken steps to secure the affected accounts, including notifying those affected and removing any maliciously added credentials.
In order to prevent data breaches, organizations should consider using hardware security keys.
GitHub also suffered a recent phishing attack, in which the attackers abused third-party OAuth user tokens maintained by Heroku and Travis CI.