rusteh1 | 7 months ago

I'm not a git expert, but how was the attacker able to push the stability branch directly to the Amazon-owned repo? The PR would have been to merge the modified branch to main, right?

shdjhdfh|7 months ago

My guess is that skywhopper is correct. We're only able to see the tail end of the attack, but the repo was likely compromised in some way.

wunderwuzzi23|7 months ago

AWS issued a post and they talk about revoking and replacing a credential.

So maybe the hacker was able to directly push?

https://aws.amazon.com/security/security-bulletins/AWS-2025-...

unitof|7 months ago

Joseph's 404 article quotes the hacker as saying they "got admin privileges on a silver platter," so I think this is it: first part of the breach was gaining the GitHub permission to create a branch. Possibly just by asking.