The Cyber Security News

Ronin Crypto Heist of $618m Traced to North Korea

April 19, 2022

GitHub has disclosed that dozens of organizations were compromised by a data thief who used stolen OAuth tokens to access their private repositories.

The developer platform’s security team opened an investigation into the campaign about a week ago and had notified all the identified victims by yesterday.

GitHub CSO Mike Hanley said that third-party OAuth user tokens maintained by Heroku and Travis CI were abused by the attacker. However, they are not thought to have been stolen through a compromise of GitHub itself, as the platform does not store the tokens in their original, usable format, he added.

“Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure,” Hanley explained.

Among the companies impacted is package registry npm.

“The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key,” said Hanley.

“Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above.”

After discovering the broader campaign, GitHub’s security team revoked tokens associated with GitHub and npm’s internal use of the compromised OAuth apps.

The Travis CI team said yesterday that it had revoked and reissued all private customer auth keys and tokens integrating Travis CI with GitHub, but that it does not believe the issue is a risk to customers.

“On April 15, 2022, Travis CI personnel were informed that certain private customer repositories may have been accessed by an individual who used a man-in-the-middle 2FA attack, leveraging a third-party integration token,” it said.

“Upon further review that same day, Travis CI personnel learned that the hacker breached a Heroku service and accessed a private application OAuth key used to integrate the Heroku and Travis CI application. This key does not provide access to any Travis CI customer repositories or any Travis CI customer data. We thoroughly investigated this issue and found no evidence of intrusion into a private customer repository (i.e. source code) as the OAuth key stolen in the Heroku attack does not provide that type of access.”

Heroku has revoked all OAuth tokens from the Heroku Dashboard GitHub integration and has temporarily suspended the issuing of tokens from the Heroku Dashboard.
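
The article reports that an AWS API key was obtained from downloaded private npm repositories. As an added example (not code from GitHub, npm or the original article), this Python sketch scans a repository checkout for AWS-style credentials so they can be rotated and moved out of source control. The regular expressions, function names and sample files are assumptions constructed for illustration, and the sample keys are the placeholder values from AWS documentation.

```python
import os
import re
import tempfile

# Access key IDs: long-term keys start with AKIA, temporary (STS) keys with ASIA.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret keys are 40 base64-style chars; require a "secret..." assignment to limit noise.
SECRET = re.compile(r"(?i)secret[\w-]*\s*[=:]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
SKIP_DIRS = {".git", "node_modules"}

def redact(value):
    """Show only enough of a finding to locate it, never the full credential."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def scan_tree(root):
    """Return sorted (relative_path, line_no, kind, redacted_value) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)
            except OSError:
                continue
            if b"\0" in data:  # crude binary-file check
                continue
            rel = os.path.relpath(path, root)
            for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
                for m in KEY_ID.finditer(line):
                    findings.append((rel, no, "aws_access_key_id", redact(m.group())))
                for m in SECRET.finditer(line):
                    findings.append((rel, no, "aws_secret_access_key", redact(m.group(1))))
    return sorted(findings)

def demo():
    """Scan a constructed checkout that contains AWS's documentation example keys."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "deploy"))
        with open(os.path.join(root, "deploy", "ci.env"), "w") as fh:
            fh.write("REGION=us-east-1\n"
                     "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                     "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
        return scan_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

Findings are redacted on output so the scan report does not itself become another copy of the credential.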


Some parts of this article are sourced from:
www.infosecurity-magazine.com
