GitHub Server Infrastructure Abused In Relentless Crypto-Mining Attack
Late last month, we reported on a trend of rising cybersecurity incidents worldwide that could lead to the end of some businesses. Now, the latest cyberattack victim is Microsoft-owned GitHub, with reports of cybercriminals leveraging GitHub cloud infrastructure to mine cryptocurrency.
Since at least the fall of 2020, attackers have been abusing a feature called GitHub Actions, which lets users automate tasks and workflows when an event happens within a repository. Once triggered, GitHub Actions can spin up a VM or a container, typically to test code in a live environment. In a phone call to The Record, Dutch security engineer Justin Perdok explained that “at least one threat actor is targeting GitHub repositories where GitHub Actions might be enabled.”
In an email, GitHub explains that it is “aware of this activity and are actively investigating,” and has been doing so since last year, when the attack was first reported. This is likely a rather difficult issue to fix without changing how GitHub Actions works. Moreover, if you ban accounts, new ones crop up almost immediately. In any case, we will have to see how GitHub properly responds to this security incident, so stay tuned to HotHardware for updates.
(Images courtesy of The Record and Justin Perdok)