Skip to content
Threat actors are abusing the GitHub API to systematically enumerate organizations, repositories, and user accounts, Datadog reports. Spanning multiple overlapping campaigns, the activity has been ongoing for several months, relying on ghost accounts that were registered two to five years ago but left dormant. The activity, Datadog says, involves automated scanners, the abuse of leaked credentials...
Ghost Accounts Abuse GitHub API in Mass Recon Campaign | Huntaegis