GitHub Reveals Small Social Engineering Campaign Targeting Technology Organizations
In a recent statement, GitHub disclosed a small social engineering campaign run by the group tracked as Jade Sleet or TraderTraitor, which is allegedly linked to the DPRK. The attackers targeted the accounts of employees of technology organizations, including those in the blockchain, cryptocurrency and online gambling sectors. According to the official blog post, no GitHub or npm systems were compromised.
The attackers used fake accounts on GitHub and on other social platforms, including LinkedIn, Slack and Telegram. After making contact, they invited the target to collaborate on a repository containing software that pulled in malicious npm dependencies.
In response, GitHub suspended all accounts associated with the campaign and published a list of them. Separately, the Nautilus research team conducted an independent study and found that about 2.95% of 1.25 million GitHub repositories are vulnerable to repojacking, which creates the potential for large-scale attacks.
GitHub also offered several recommendations for strengthening security. The platform urged users to be on guard when they receive collaboration offers or requests to install npm packages through social networks, particularly if they work in the targeted industries. In addition, experts advised paying close attention to dependencies and their install scripts, especially packages that were published recently and whose scripts make network connections.
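The last recommendation above can be turned into a routine check. The following is an added example, not code from GitHub's advisory or from npm: it audits dependency manifests for lifecycle scripts that run during install and appear to reach the network, and treats recently published packages as higher risk. It assumes each manifest is a package.json object to which the caller has added a `publishedAt` ISO date taken from the registry's `time` metadata; the pattern list is a heuristic, not an exhaustive detector.

```javascript
// Added example (not GitHub's or npm's code): heuristic audit of npm
// dependency manifests for install-time scripts with network signs.
// Assumption: `publishedAt` is supplied by the caller from registry metadata.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
const NETWORK_SIGNS = [
  { label: 'curl',      re: /\bcurl\b/i },
  { label: 'wget',      re: /\bwget\b/i },
  { label: 'url',       re: /https?:\/\//i },
  { label: 'node-http', re: /\brequire\(['"]https?['"]\)|\bfetch\(/i },
  { label: 'socket',    re: /\bnet\.connect\b|\bnc\b/i },
];
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns one finding per lifecycle hook worth reviewing: 'high' when the
// script shows a network sign and the package is newly published, 'medium'
// for a network sign in an older package, and 'low' for a new package whose
// hook runs code but shows no obvious network sign.
function auditInstallScripts(manifests, now = Date.now(), recentDays = 30) {
  const findings = [];
  for (const m of manifests) {
    const scripts = m.scripts || {};
    const ageDays = m.publishedAt ? (now - Date.parse(m.publishedAt)) / DAY_MS : Infinity;
    const recent = ageDays <= recentDays;
    for (const hook of LIFECYCLE_HOOKS) {
      const command = scripts[hook];
      if (!command) continue;
      const signs = NETWORK_SIGNS.filter(s => s.re.test(command)).map(s => s.label);
      let severity = null;
      if (signs.length) severity = recent ? 'high' : 'medium';
      else if (recent) severity = 'low';
      if (severity) findings.push({ name: m.name, version: m.version, hook, command, signs, severity });
    }
  }
  return findings;
}

// Constructed sample manifests (not real packages); 203.0.113.0/24 is a
// documentation address range.
const SAMPLE_MANIFESTS = [
  { name: 'left-pad-clone', version: '1.0.3', publishedAt: '2023-07-10T00:00:00Z',
    scripts: { postinstall: 'node build.js && curl -s http://203.0.113.5/ping' } },
  { name: 'native-binding', version: '0.18.0', publishedAt: '2022-01-01T00:00:00Z',
    scripts: { postinstall: 'node install.js' } },
  { name: 'fresh-helper', version: '0.0.1', publishedAt: '2023-07-18T00:00:00Z',
    scripts: { preinstall: 'node prep.js' } },
  { name: 'plain-lib', version: '4.17.21', scripts: { test: 'mocha' } },
];
const REFERENCE_NOW = Date.parse('2023-07-20T00:00:00Z'); // fixed clock for the sample

for (const f of auditInstallScripts(SAMPLE_MANIFESTS, REFERENCE_NOW)) {
  console.log(`[${f.severity}] ${f.name}@${f.version} ${f.hook}: ${f.command} (${f.signs.join(', ')})`);
}
```

In practice the manifests would be read from node_modules or resolved from a lockfile, and any 'high' finding is a reason to hold the install and inspect the package before it runs.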
Users who believe they have been targeted are advised to contact their employer's security team. If malicious content was actually installed, it is advisable to reset or reinstall the affected devices, change account passwords, and rotate sensitive credentials and tokens.