The newly discovered Gitloker campaign currently targets GitHub repositories, wiping their contents and urging victims to contact them over Telegram for additional information.
According to reports, the threat actor behind this campaign, Gitloker, who poses as a cyber incident analyst, is most likely using stolen credentials to compromise targets’ GitHub accounts.
The actor also claims to have stolen the victims’ data and created a backup that can be used to restore the erased data. Gitloker allegedly renames the repository and leaves behind a single README.me file urging victims to contact them over Telegram.
A sample ransom note from this campaign opens by hoping the message finds its target well, then states that it is an urgent notice informing the target that its data has been compromised and that the extortionist has secured a backup.
GitHub has yet to provide a statement regarding the emergence of Gitloker.
Attacks on GitHub users, Gitloker among them, have caused massive damage in the past few months. GitHub has therefore recommended that users change their passwords to protect their accounts from unauthorized access.
These measures should also block harmful actions such as creating new SSH keys, authorizing new apps, or changing team members. To keep attackers out of GitHub accounts and to spot unusual activity, users should enable two-factor authentication (2FA), add a passkey for secure, password-free sign-in, and review and revoke any inappropriate access to SSH keys, deployments, and authorized integrations.
Developers should also verify all email addresses linked to their accounts, review account security logs to track repository modifications, manage webhooks, check for and revoke new deployment keys, and review each repository’s most recent commits and collaborators regularly.
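The review steps above (deploy keys, webhooks, collaborators, recent commits) can be scripted against the GitHub REST API. The following is an added example written for this page; it is not code from the article, from GitHub, or from the reporting it summarizes. It assumes a personal access token in a `GITHUB_TOKEN` environment variable, an owner-chosen allow-list of webhook hosts and expected collaborator logins, and uses constructed sample API responses so the checks can be run offline.

```python
"""Flag signs of account compromise in one repository: recently added deploy keys,
webhooks delivering to unexpected hosts, unexpected collaborators, and recent
commits from unknown authors. The flag_* functions are pure and take the JSON
shapes returned by GET /repos/{owner}/{repo}/keys, /hooks, /collaborators
and /commits; audit_repo() wires them to the live API."""
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

API = "https://api.github.com"


def gh_get(path, token):
    """GET a REST endpoint and return the parsed JSON body."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_ts(value):
    """GitHub timestamps look like 2024-06-01T23:41:00Z; make them tz-aware."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def flag_deploy_keys(keys, now, window_days=30):
    """Deploy keys created inside the window; write-capable ones are called out."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for k in keys:
        if parse_ts(k["created_at"]) >= cutoff:
            access = "read-only" if k.get("read_only") else "READ/WRITE"
            findings.append(f"deploy key {k['id']} '{k['title']}' ({access}) added {k['created_at']}")
    return findings


def flag_webhooks(hooks, allowed_hosts):
    """Webhooks that deliver outside the allow-list or skip TLS verification."""
    findings = []
    for h in hooks:
        url = h["config"].get("url", "")
        host = urllib.parse.urlparse(url).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"webhook {h['id']} -> {url}: unexpected host '{host}'")
        if str(h["config"].get("insecure_ssl", "0")) != "0":
            findings.append(f"webhook {h['id']} -> {url}: insecure_ssl is enabled")
    return findings


def flag_collaborators(collabs, expected_logins):
    """Collaborators the repository owner did not expect to see."""
    return [f"collaborator {c['login']} ({c.get('role_name', '?')}) is not on the expected list"
            for c in collabs if c["login"] not in expected_logins]


def flag_commits(commits, known_logins, now, window_days=30):
    """Recent commits whose GitHub author is unlinked (None) or not a known login."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for c in commits:
        if parse_ts(c["commit"]["author"]["date"]) < cutoff:
            continue
        login = (c.get("author") or {}).get("login", "<unlinked>")
        if login not in known_logins:
            subject = (c["commit"]["message"].splitlines() or [""])[0]
            findings.append(f"commit {c['sha'][:7]} by {login}: {subject}")
    return findings


def audit_repo(owner, repo, token, allowed_hosts, expected_logins, now=None):
    """Run all four checks against the live API and return the combined findings."""
    now = now or datetime.now(timezone.utc)
    base = f"/repos/{owner}/{repo}"
    return (flag_deploy_keys(gh_get(base + "/keys", token), now)
            + flag_webhooks(gh_get(base + "/hooks", token), allowed_hosts)
            + flag_collaborators(gh_get(base + "/collaborators", token), expected_logins)
            + flag_commits(gh_get(base + "/commits?per_page=100", token), expected_logins, now))


# Constructed sample responses (not real data) mirroring the API's field names.
NOW = datetime(2024, 6, 5, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"id": 1, "title": "ci-runner", "read_only": True, "created_at": "2023-11-02T08:00:00Z"},
    {"id": 2, "title": "backup", "read_only": False, "created_at": "2024-06-01T23:41:00Z"},
]
SAMPLE_HOOKS = [
    {"id": 10, "config": {"url": "https://ci.example.com/hook", "insecure_ssl": "0"}},
    {"id": 11, "config": {"url": "http://198.51.100.23/x", "insecure_ssl": "1"}},
]
SAMPLE_COLLABS = [{"login": "alice", "role_name": "admin"}, {"login": "unknown-user", "role_name": "write"}]
SAMPLE_COMMITS = [
    {"sha": "fedcba9876543210", "author": {"login": "alice"},
     "commit": {"author": {"date": "2024-05-30T10:00:00Z"}, "message": "Fix typo"}},
    {"sha": "0123456789abcdef", "author": None,
     "commit": {"author": {"date": "2024-06-02T01:15:00Z"}, "message": "Update README\n"}},
]

if __name__ == "__main__":
    offline = (flag_deploy_keys(SAMPLE_KEYS, NOW) + flag_webhooks(SAMPLE_HOOKS, {"ci.example.com"})
               + flag_collaborators(SAMPLE_COLLABS, {"alice"}) + flag_commits(SAMPLE_COMMITS, {"alice"}, NOW))
    print("\n".join(offline))
    token = os.environ.get("GITHUB_TOKEN")  # assumed env var; live run only when set
    if token:
        print("\n".join(audit_repo("OWNER", "REPO", token, {"ci.example.com"}, {"alice"})))
```

The write-capable deploy key and the webhook delivering over plain HTTP to an address outside the allow-list are the two findings worth acting on first; the collaborator and commit checks need a maintained list of expected logins, which is the part of this review that cannot be automated away.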
However, this is not the first time that GitHub accounts have been used to steal data from users’ private repositories. In June 2018, hackers infiltrated the account of Microsoft, the developer platform’s parent company, obtaining over 500GB of files from Redmond’s private repositories.
GitHub users should not dismiss these campaigns, as they have proven very damaging. Users should be cautious when working with their repositories to avoid compromise and, in particular, financial loss.