gregclermont | 2 months ago
I don't believe exploiting GitHub repos for initial access is part of their playbook, but there have been plenty of examples in recent years of attackers gaining access to internal infrastructure via secrets exposed in GitHub (whether in code or Actions workflows). Just this year, attackers got into Salesloft's GitHub, pivoted to their AWS environment, and stole OAuth tokens that gave them access to hundreds of Salesforce customers.