Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Summary
Datadog Security Labs has identified campaigns targeting corporate GitHub organizations by enumerating accounts and repositories via the GitHub API. Attackers are using automated scraping tools and dormant or compromised GitHub accounts to blend in while mapping these organizations.
IFF Assessment
FOE
Attackers are using sophisticated methods to gather intelligence on corporate GitHub infrastructure, which can be used to plan further attacks.
Defender Context
Defenders should be aware of this technique to identify suspicious enumeration activity targeting their GitHub organizations. Implementing stricter access controls, monitoring API usage for unusual patterns, and regularly reviewing user activity can help mitigate this threat.