A recent attack on GitHub revealed a “Russian trace”
Anton Kuzmin, head of the CyberART Cyber Threat Prevention Center of Innostage Group, announced that a Russian dedicated virtual server (VPS), “Gino”, was found to have been used in a recent hacker attack on GitHub.
“It is impossible to say exactly what the hackers' motives were for using a Russian VPS. But there are several options: either they were attracted by the easy accessibility of this service, or they want to impersonate ‘Russian’ hackers,” said Kuzmin. The expert noted that these versions are only assumptions based on public experience. The true reasons for using the Gino service are currently unknown.
The attacks on GitHub became known on the night of August 3-4. During the attack, clones of various repositories were uploaded to the site, differing from the originals only in the presence of malicious code.
“The attackers added a special line to the code, as a result of which malware got onto GitHub. When turned on, it collects and sends all the contents of the environment to the hosting server, hosted on the Russian Gino VPS,” Kuzmin said, describing the essence of the hack and the role of confidential information in it.
Thus, according to the expert, the hackers could have obtained a lot of proprietary information, including logins and passwords of companies that used the copies. The incident affected about 35 thousand repositories. The number of users who connected to the fake repositories has not been reported. GitHub has since reported that all infected clones of legitimate projects have been removed.