
The Cyber Security News

Ronin Crypto Heist of $618m Traced to North Korea

April 19, 2022

GitHub has disclosed that dozens of organizations were compromised by a data thief who used stolen OAuth tokens to access their private repositories.

The developer platform’s security team opened an investigation into the campaign about a week ago and had notified all the victims it had identified by yesterday.

GitHub CSO Mike Hanley said that third-party OAuth user tokens maintained by Heroku and Travis CI were abused by the attacker. However, the tokens are not thought to have been stolen through a compromise of GitHub itself, as the platform does not store the tokens in their original, usable format, he added.

“Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure,” Hanley explained.

Among the organizations affected is software registry npm.

“The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key,” said Hanley.

“Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above.”
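
The exposure described above, an AWS API key stored in a private repository that became readable once an OAuth token was stolen, is something defenders can audit for in their own repositories. The following is an added example, not GitHub's or npm's tooling: a small scanner that flags AWS access key IDs and checks whether a likely secret access key sits nearby. The file contents are constructed and the key values are AWS's documented example credentials.

```python
import math
import re

# AWS access key IDs: prefix (AKIA long-term, ASIA temporary) + 16 characters.
ACCESS_KEY_ID = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
# Secret access keys are 40 characters drawn from the base64 alphabet.
SECRET_CANDIDATE = re.compile(r"(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+=])")

def shannon_entropy(s):
    """Bits per character. A 40-char hex string (e.g. a git SHA-1) stays below 4.0."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_files(files, window=3, min_entropy=4.0):
    """files: {path: text}. Report each access key ID and whether a high-entropy
    40-character string appears within `window` lines of it."""
    findings = []
    for path, text in files.items():
        lines = text.splitlines()
        for i, line in enumerate(lines):
            for m in ACCESS_KEY_ID.finditer(line):
                nearby = "\n".join(lines[max(0, i - window): i + window + 1])
                has_secret = any(
                    shannon_entropy(c) >= min_entropy
                    for c in SECRET_CANDIDATE.findall(nearby)
                )
                findings.append({"path": path, "line": i + 1,
                                 "key_id": m.group(1), "secret_nearby": has_secret})
    return findings

# Constructed sample repository contents (AWS documentation example keys).
SAMPLE_REPO = {
    "deploy/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                   "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
    "docs/setup.md": "Set your key id (looks like AKIAXXXXXXXXXXXXXXXX) in CI settings.\n",
    "src/app.py": "def handler(event):\n    return event['id']\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_REPO):
        print(finding)
```

A finding with `secret_nearby` set is a usable credential pair and should be rotated; a key ID on its own, like the placeholder in the documentation file, is lower priority.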

After discovering the broader campaign, GitHub’s security team revoked tokens associated with GitHub and npm’s internal use of the compromised OAuth applications.

The Travis CI team said yesterday that it had revoked and reissued all private customer auth keys and tokens integrating Travis CI with GitHub, but that it does not believe the issue is a risk to customers.

“On April 15 2022, Travis CI personnel were informed that certain private customer repositories may have been accessed by an individual who used a man-in-the-middle 2FA attack, leveraging a third-party integration token,” it said.

“Upon further review that same day, Travis CI personnel learned that the hacker breached a Heroku service and accessed a private application OAuth key used to integrate the Heroku and Travis CI application. This key does not provide access to any Travis CI customer repositories or any Travis CI customer data. We thoroughly investigated this issue and found no evidence of intrusion into a private customer repository (i.e. source code) as the OAuth key stolen in the Heroku attack does not provide that type of access.”

Heroku has revoked all OAuth tokens from the Heroku Dashboard GitHub integration and has temporarily suspended the issuing of tokens from the Heroku Dashboard.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
