CyberSecurity News
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
AI summary
Datadog Security Labs has identified multiple campaigns that are using the GitHub API to systematically gather information about corporate GitHub organizations, repositories, and user accounts. These campaigns utilize automated scraping tools with custom or legitimate-sounding user agents. The operators behind these campaigns are leveraging dormant GitHub accounts, often years old, as well as compromised OAuth tokens and personal information. This approach allows attackers to blend in and map corporate organizations. The use of old accounts and legitimate-sounding tools helps the attackers avoid detection.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

