ACSC warns of ongoing targeting of online code repositories

The Australian Cyber Security Centre (ACSC) has released a high priority alert regarding the ongoing targeting of online code repositories.

The ACSC says the alert is relevant to all Australians and Australian organisations, including organisation leaders, that maintain online code repositories, publish public software packages, or use third party packages or software sourced from online repositories.

Threat actors have been observed gaining access to online code repositories through:

• phishing/vishing
• social engineering
• compromised credentials
• compromised authentication tokens
• infected software packages.
   

The following activities have been noted as being performed by threat actors after gaining access to privileged systems and accounts:

• Modifying public packages to initiate supply-chain compromises.
• Running open-source tools to scan for cryptographic secrets, passwords and sensitive keys stored in online code repositories.
• Extracting and leaking identified credentials publicly.
• Migrating private repositories to public repositories.
   

Threat actors have also been observed abusing legitimate tooling and functions to achieve these results, rather than bespoke tooling.

The risk of exposed code bases can allow actors a better understanding of internal processes and systems, increasing an organisation’s attack surface and enabling future, novel attacks.

Originally published here.