Fyself News

TeamPCP claims nearly 4,000 internal repositories have been compromised, GitHub is investigating


Ravi LakshmananMay 20, 2026Malware/Cloud Security

GitHub announced Tuesday that it is investigating unauthorized access to its internal repositories after a notorious threat actor known as TeamPCP listed the platform’s source code and internal organization for sale on a cybercrime forum.

“At this time, there is no evidence of any impact to customer information stored outside of GitHub’s internal repositories (such as customer companies, organizations, and repositories), but we are closely monitoring our infrastructure for any subsequent activity,” the Microsoft-owned subsidiary said.

The company also said it will notify customers through established incident response and notification channels if any impact is discovered.

The development comes after TeamPCP, the threat actor behind a series of software supply chain attacks targeting open source packages, put GitHub’s source code up for sale for an asking price of more than $50,000. The alleged data dump is said to include around 4,000 repositories.

“As always, this is not a ransom,” the group said in a post, according to a screenshot shared by Dark Web Informer. “We have no interest in extorting GitHub and a single buyer. We shred the data on our end. It looks like we’re nearing retirement, so if we can’t find a buyer, we’ll leak it for free.”

TeamPCP compromises the durabletask PyPI package

News of the sale comes as TeamPCP’s self-replicating malware campaign, known as Mini Shai-Hulud, continues to expand its reach by compromising durabletask, the official Microsoft Python client for the Durable Task workflow execution framework. Three malicious package versions have been identified: 1.4.1, 1.4.2, and 1.4.3.

“The attackers compromised GitHub accounts through a previous attack, dumped GitHub secrets from repositories that users were accessing, and accessed and directly exposed PyPI tokens from there,” Google-owned Wiz said.

The payload embedded in the package is a dropper that is configured to retrieve and execute a second-stage payload (‘rope.pyz’) from an external server (‘check.git-service[.]’). This malware is assessed to be an evolution of the payload deployed in connection with last week’s breach of the guardrails-ai package.

Specifically, it is designed to collect credentials associated with major cloud providers, password managers, and developer tools, and to activate a full-featured infostealer that can exfiltrate data to attacker-controlled domains. Note that the stealer is configured to run only on Linux systems.

According to SafeDep, the 28KB Python stealer also attempts to read HashiCorp Vault KV secrets, unlock and dump 1Password and Bitwarden password vaults, and access SSH keys, Docker credentials, VPN configuration, and shell history.

“If the machine is running within AWS, it uses SSM to propagate itself to other EC2 instances. If it’s in Kubernetes, it propagates through kubectl exec,” Aikido Security said. “And if it detects an Israeli or Iranian system configuration, there is a 1 in 6 chance of playing audio and then running rm -rf /*.”

According to StepSecurity, “After enumerating the SSM-managed instances, we use SendCommand and the AWS-RunShellScript document to run the rope.pyz payload on up to five other EC2 instances per profile.” “The propagation script downloads the payload from the primary C2 and falls back to the secondary domain tm-kosche.[.]com and runs it in the background.”
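Detection logic for the SSM propagation described above, as an added example (not code from the article or from the vendors it quotes): it flags any principal that sends AWS-RunShellScript through SendCommand to several distinct instances within a short window. The record fields follow CloudTrail's layout for SSM events; the ARNs, instance IDs, 10-minute window and three-target threshold are assumptions, and tag-based targeting is not expanded.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def record(time, arn, doc, ids):  # builds constructed sample records, not real logs
    return json.dumps({"eventTime": time, "eventSource": "ssm.amazonaws.com",
                       "eventName": "SendCommand", "userIdentity": {"arn": arn},
                       "requestParameters": {"documentName": doc, "instanceIds": ids}})

ROLE = "arn:aws:sts::111122223333:assumed-role/build-role/i-0a00"  # constructed
ADMIN = "arn:aws:sts::111122223333:assumed-role/ops-admin/alice"   # constructed
SAMPLE = [
    record("2026-05-20T10:00:05Z", ROLE, "AWS-RunShellScript", ["i-0b01"]),
    record("2026-05-20T10:00:40Z", ROLE, "AWS-RunShellScript", ["i-0b02", "i-0b03"]),
    record("2026-05-20T10:01:10Z", ROLE, "AWS-RunShellScript", ["i-0b04"]),
    record("2026-05-20T09:30:00Z", ADMIN, "AWS-RunShellScript", ["i-0c01"]),
    record("2026-05-20T09:45:00Z", ADMIN, "AWS-RunPatchBaseline", ["i-0c01", "i-0c02", "i-0c03"]),
]

def shell_commands(lines):
    """Yield (principal, time, instance ids) for SendCommand with AWS-RunShellScript."""
    for line in lines:
        ev = json.loads(line)
        params = ev.get("requestParameters") or {}
        if (ev.get("eventSource") == "ssm.amazonaws.com" and ev.get("eventName") == "SendCommand"
                and params.get("documentName") == "AWS-RunShellScript"):
            when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev["userIdentity"]["arn"], when, set(params.get("instanceIds") or [])

def fan_out(lines, window=timedelta(minutes=10), min_targets=3):
    """Principals that shell into >= min_targets distinct instances inside one window."""
    events = defaultdict(list)
    for arn, when, targets in shell_commands(lines):
        events[arn].append((when, targets))
    alerts = {}
    for arn, seq in events.items():
        seq.sort(key=lambda e: e[0])
        for i, (start, _) in enumerate(seq):
            seen = set()
            for when, targets in seq[i:]:
                if when - start > window:
                    break
                seen |= targets
            if len(seen) >= min_targets and len(seen) > len(alerts.get(arn, ())):
                alerts[arn] = seen
    return alerts

if __name__ == "__main__":
    print(fan_out(SAMPLE))
```

An instance role whose session name is an instance ID, as in the constructed `ROLE` value, issuing these commands to its peers is the pattern worth reviewing first.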

It is also worth noting that the FIRESCALE mechanism is used to identify a backup command-and-control (C2) address if the primary domain is unreachable. It works by searching GitHub’s public commit messages for the pattern “FIRESCALE” and extracting the C2 information from the matches. The details of this technique were previously covered by Hunt.io.

The number of affected packages is expected to increase as the worm propagates using tokens stolen from infected environments. Any machine or pipeline that has the affected version of the package installed must be treated as fully compromised.

“The package is downloaded approximately 417,000 times per month, and the malicious code is automatically executed the moment the package is imported, without any error messages or visible signs of compromise,” said Peyton Kennedy, a researcher at Endor Labs.
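One way to triage for the three listed versions, as an added example (not code from the article or from any vendor it cites): the check reads requirements files, lock files and installed dist-info metadata as data, so `durabletask` is never imported and its import-time code never runs. The file-name patterns and the requirements/poetry-style lock formats are assumptions about the tree being scanned; the sample requirements text is constructed.

```python
import re
from importlib import metadata
from pathlib import Path

PACKAGE = "durabletask"
BAD_VERSIONS = {"1.4.1", "1.4.2", "1.4.3"}  # the three versions named in the article
# Constructed sample input (not taken from a real project).
SAMPLE_REQUIREMENTS = "grpcio==1.62.0\nDurableTask==1.4.2 ; python_version >= '3.9'\n"

# requirements.txt / pip freeze pin:  durabletask==1.4.2
REQ_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([A-Za-z0-9.!+-]+)")
# poetry.lock / uv.lock entry:  name = "durabletask" then version = "1.4.2"
LOCK_PIN = re.compile(r'name\s*=\s*"([^"]+)"\s*\n\s*version\s*=\s*"([^"]+)"')

def normalise(name):
    """Lower-case and collapse separators the way PyPI compares project names."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_text(text):
    """Return the affected versions pinned anywhere in one file's text."""
    pins = [m.groups() for line in text.splitlines() if (m := REQ_PIN.match(line))]
    pins += LOCK_PIN.findall(text)
    return {v for n, v in pins if normalise(n) == PACKAGE and v in BAD_VERSIONS}

def scan_tree(root):
    """Map each requirements/lock file under root to the affected versions it pins."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and re.search(r"(requirements.*\.txt|\.lock)$", path.name):
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

def installed_affected():
    """Read the installed version from dist-info metadata; nothing is imported."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if version in BAD_VERSIONS else None

if __name__ == "__main__":
    print("sample pins:", scan_text(SAMPLE_REQUIREMENTS))
    print("installed at affected version:", installed_affected())
    for path, versions in scan_tree(".").items():
        print(f"{path}: durabletask {sorted(versions)}")
```

A hit means the host or pipeline falls under the article's "treat as fully compromised" guidance; a clean result only covers the files and environment that were scanned.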

