ShinyHunters, a notorious cyber criminal group that’s been responsible for numerous data breaches since last year, has been observed searching companies’ GitHub repository source code for vulnerabilities and credentials.
The group has a history of compromising developer code repositories, such as GitHub, to steal credentials or API keys to a company’s cloud services. These are subsequently used to gain access to databases and gather sensitive information to be resold for profit or published for free on hacker forums.
Researchers claim that the group has exposed more than 1.12 million unique email addresses belonging to S&P 100 organisations, education, government and military entities as of late 2020. It is estimated that approximately 20% of all breaches occur as a result of compromised credentials.
Whilst ShinyHunters may not have the notoriety of other ransomware groups, monitoring malicious actors operating in repositories is crucial to preventing an organisation being compromised. It is thought that last year’s SolarWinds breach may have stemmed from credentials being inadvertently left in code that was stored in an open source repository.
This is an important reminder to all code developers to ensure that all credentials are removed from any code before storing it in any repositories such as GitHub. Having independent source code reviews throughout the software development cycle can help ensure such information remains confidential.
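One way to act on this advice, as an added example that is not part of the original article: a small pre-commit style check that flags likely credentials in source text before it reaches a repository. The rule set, the entropy threshold and the sample input are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumed rule set: (rule name, pattern). Group 1, when present, is the candidate value.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("hardcoded-credential", re.compile(
        r"(?i)\w*(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]

def entropy(s):
    """Shannon entropy in bits per character; low values indicate placeholders."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(text, min_entropy=3.0):
    """Return (line number, rule name) pairs; matched values are never returned or logged."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else ""
            # Skip obvious placeholders such as "changeme" for the generic rule.
            if name == "hardcoded-credential" and entropy(value) < min_entropy:
                continue
            findings.append((lineno, name))
    return findings

# Constructed sample file; none of these values are real credentials.
SAMPLE = '''\
import os
AWS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
API_KEY = "9f8Kd72LmQp4Xz1Ws6Tb"
DB_PASSWORD = os.environ["DB_PASSWORD"]
password = "changeme"
PEM = "-----BEGIN RSA PRIVATE KEY-----"
'''

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE):
        print(f"line {lineno}: {rule}")
```

A check like this only covers the working tree; a credential that was committed earlier remains in the repository history and should be rotated.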