Over the last week, GitHub has received reports related to a phishing campaign targeting our customers. We’re publishing this blog to increase awareness of this ongoing threat.

The phishing message claims that a repository or setting in a GitHub user’s account has changed or that unauthorized activity has been detected. The message goes on to invite users to click on a malicious link to review the change. Specific details may vary since there are many different lure messages in use. Here’s a typical example:

Clicking the link takes the user to a phishing site mimicking the GitHub login page, which steals any credentials entered. For users with TOTP-based two-factor authentication enabled, the site also relays any TOTP codes to the attacker and GitHub in real-time, allowing the attacker to break into accounts protected by TOTP-based two-factor authentication. Accounts protected by hardware security keys are not vulnerable to this attack.

The attacker uses the following tactics, but not all tactics are used in every case:

- The phishing email is sourced from legitimate domains, using compromised email servers or stolen API credentials for legitimate bulk email providers.
- Targeting of currently-active GitHub users across many companies in the tech sector and in multiple countries via email addresses used for public commits.
- Use of URL-shortening services to conceal the true destination of the malicious link.
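
Why the TOTP codes described above can be relayed while hardware security keys cannot, as an added example (not from the original post or GitHub's code): a TOTP value depends only on the shared secret and the clock, whereas a security-key response is signed over the origin the browser actually loaded. The origins, secrets and challenge are constructed, and HMAC stands in for the authenticator's public-key signature in this simplified model.

```python
import hashlib, hmac, json, struct

REAL_ORIGIN = "https://github.com"
PHISH_ORIGIN = "https://login.example.test"  # constructed look-alike origin

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    # Nothing in the code says which site the user typed it into.
    return hmac.compare_digest(totp(secret, now), code)

def key_assertion(key: bytes, challenge: str, browser_origin: str) -> dict:
    """Simplified security-key response. browser_origin is filled in by the
    browser from the page actually loaded, not by the page's own script."""
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin})
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"clientData": client_data, "sig": sig}

def server_accepts_key(key: bytes, challenge: str, assertion: dict) -> bool:
    # Verify the signature first, then the signed challenge and origin.
    expected = hmac.new(key, assertion["clientData"].encode(), hashlib.sha256).hexdigest()
    data = json.loads(assertion["clientData"])
    return (hmac.compare_digest(expected, assertion["sig"])
            and data["challenge"] == challenge
            and data["origin"] == REAL_ORIGIN)

def demo() -> dict:
    secret, key = b"constructed-totp-secret", b"constructed-key-secret"
    now, challenge = 1_600_000_000, "constructed-challenge"
    code = totp(secret, now)  # typed into whichever page the user is looking at
    return {
        "totp_forwarded_from_other_site": server_accepts_totp(secret, code, now),
        "key_used_on_real_origin": server_accepts_key(
            key, challenge, key_assertion(key, challenge, REAL_ORIGIN)),
        "key_used_on_lookalike_origin": server_accepts_key(
            key, challenge, key_assertion(key, challenge, PHISH_ORIGIN)),
    }

if __name__ == "__main__":
    print(demo())
```

Real security keys add a second barrier that this model omits: credentials are scoped to the site's identifier, so the key has no credential to offer on a look-alike domain.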