Github hacked, bidding war for source code at R1.6 million
Code sharing platform GitHub, which has over 150 million registered developers worldwide, announced on Wednesday that an unauthorised actor had gained access to its internal systems.
A threat actor known as TeamPCP claimed responsibility for the incident and listed GitHub’s source code for sale, along with around 4,000 code repositories, at a starting price of $50,000 (R835,635).
The group later updated the forum post in which it announced the breach, stating that it had received an offer of $95,000 (R1.6 million).
In a series of posts on Twitter/X, GitHub said that TeamPCP’s claims were “directionally consistent with our investigations so far.”
The Microsoft-owned platform said it currently had no evidence of any impact on customer information stored outside its internal repositories, such as customers’ private groups and repositories.
“If any impact is discovered, we will notify customers via established incident response and notification channels,” it said.
TeamPCP posted on a popular hacker forum that it was selling GitHub source code and “internal orgs”. It said no low-ball offers would be accepted.
“Everything for the main platform is there, and I am very happy to send samples to interested buyers to verify the absolute authenticity,” the group stated.
“There is a total of around ~4,000 repos of private code here,” TeamPCP said. This was the claim GitHub said was “directionally consistent” with its investigation, although it said the number was closer to 3,800.
TeamPCP added that it was not extorting GitHub, but rather looking for a single buyer before “shredding” the data on their end.
“It looks like our retirement is soon, so if no buyer is found we will leak it free,” it said in a post on a popular hacker forum.
According to GitHub, the hack of its internal systems originated in the compromise of an employee’s device involving a poisoned Visual Studio Code (VS Code) extension.
VS Code is a popular programming tool created by Microsoft. A lightweight development environment, VS Code is a text editor which can be customised with extensions for various programming tasks.
GitHub did not specify which VS Code add-on was used. “We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub stated.
GitHub’s response teams moved quickly to reduce risks and began changing its passwords and other critical access information, with the highest-impact credentials changed first.
“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” it said.
The company said that its teams were still analysing logs, validating credential rotation and monitoring for any follow-on activity. It said it would publish a fuller report once the investigation was complete.
AI also made hackers better and faster
There are growing concerns globally among companies about the proliferation and expanded capabilities of generative AI software, which are strengthening threat actor groups.
Bijan Sanii, CEO of Canadian fraud detection provider Inetco, which provides services to Standard Bank and African Bank, told MyBroadband that AI was accelerating hacking attempts.
“AI-assisted tools can help attackers discover and exploit vulnerabilities much faster,” he said. Discovery, testing and potential weaponisation of software weaknesses is becoming easier with these tools.
Ian van Rensburg, security engineering head for Africa at cybersecurity firm Check Point Software, said that hackers and security professionals were now engaged in an AI arms race.
“Hackers are using AI, and their attacks are now at the speed of a machine and not a human. These things get exploited very quickly,” he said.
At the same time, cybersecurity experts are using AI to find vulnerabilities before threat actors can and patch these holes before they can be exploited.
Last week, a team of researchers from California used Anthropic’s Mythos to create a rare, working compromise of MacOS that defeats Apple’s strongest on-device protection.
“Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalises to nearly any problem in that class,” researchers from cybersecurity firm Calif said in a blog post.
They said that with the right strategy and AI, even a tiny company can become so mighty that the world’s largest companies ask for their help.
Loading ...