GitHub, the hosting service for software projects, is investigating a series of attacks on its cloud infrastructure that allowed unknown parties to use the company's servers to mine cryptocurrency, The Record reports.
The attacks have been ongoing since autumn 2020. The attackers abuse the infrastructure behind GitHub Actions, a feature that automates workflows when certain events, such as a pull request, occur in users' repositories on GitHub.
“The attack involves forking a legitimate GitHub repository, adding malicious actions to the source code, and then submitting a merge request to the original repository,” said security expert Justin Perdok.
GitHub's systems then read the malicious code and launch a virtual machine that runs cryptocurrency mining applications.
According to Perdok, attackers can deploy up to 100 cryptominers in a single attack, creating huge computational loads for the GitHub infrastructure.
One of my repos just got hit with a similar attack. Account in question has a bunch of other open PRs that currently have miners running. https://t.co/PZxApykuO9 pic.twitter.com/zugl7mFK0K
– Justin Perdok (@JustinPerdok) April 2, 2021
GitHub representatives said that the incident did not affect user data or repositories. The company is blocking the attackers' accounts, but the attackers keep creating new ones.
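A defender-side triage for the fork-and-pull-request flow described above, as an added example that is not from the article or from GitHub: it holds any pull request that comes from a fork and changes a workflow file until a maintainer approves it. The field names follow GitHub's pull request webhook payload and pull request files API; the repository names, sample payloads and the `triage_pull_request` helper are constructed for illustration.

```python
import re

# Files in this directory define what GitHub Actions executes for a repository.
WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")
# author_association values for accounts with no prior history in the repository.
NEW_AUTHOR = {"NONE", "FIRST_TIMER", "FIRST_TIME_CONTRIBUTOR"}


def triage_pull_request(event, files):
    """Decide whether CI for a pull request should wait for maintainer approval."""
    pr = event["pull_request"]
    head_repo = pr["head"]["repo"] or {}  # null when the fork was already deleted
    from_fork = head_repo.get("full_name") != pr["base"]["repo"]["full_name"]
    workflow_files = [f["filename"] for f in files
                      if f["status"] != "removed" and WORKFLOW_PATH.match(f["filename"])]
    return {
        "from_fork": from_fork,
        "new_author": pr.get("author_association", "NONE") in NEW_AUTHOR,
        "workflow_files": workflow_files,
        # The pattern from the article: outside code that rewrites the CI definition.
        "decision": "hold" if from_fork and workflow_files else "allow",
    }


def _event(head, association):  # constructed sample payloads (assumption)
    return {"pull_request": {
        "author_association": association,
        "head": {"repo": {"full_name": head} if head else None},
        "base": {"repo": {"full_name": "example-org/project"}},
    }}


FORK_PR = _event("new-account/project", "NONE")
MEMBER_PR = _event("example-org/project", "MEMBER")
DELETED_FORK_PR = _event(None, "FIRST_TIME_CONTRIBUTOR")
WORKFLOW_CHANGE = [
    {"filename": ".github/workflows/ci.yml", "status": "modified"},
    {"filename": "README.md", "status": "modified"},
]
CODE_CHANGE = [{"filename": "src/app.py", "status": "modified"}]

if __name__ == "__main__":
    for name, ev, fl in [("fork+workflow", FORK_PR, WORKFLOW_CHANGE),
                         ("member+workflow", MEMBER_PR, WORKFLOW_CHANGE),
                         ("fork+code", FORK_PR, CODE_CHANGE)]:
        print(name, triage_pull_request(ev, fl))
```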