BleepingComputer reports that dozens of GitHub repositories are having their contents erased in an ongoing attack campaign by the Gitloker threat operation.
Intrusions likely involved the exploitation of compromised credentials to infiltrate GitHub accounts, with threat actors exfiltrating data within the repositories before establishing a data backup, which would be provided to victims should they meet extortion demands given via Telegram, according to CronUp security researcher German Fernandez.
No further information regarding the attack campaign was provided by GitHub but users of repositories were previously urged to implement more robust passwords, two-factor authentication, and passkeys; conduct more extensive SSH key, deploy key, and repository commit and collaborator reviews; and ensure proper repository webhook management, among others.
Such a development comes amid the persistent targeting of GitHub accounts in data exfiltration attacks, including an attack in March 2020 that involved the theft of over 500 GB of files later exposed by ShinyHunters.
