Popular source code storage service GitHub is investigating a series of attacks on cloud infrastructure. Cybercriminals infiltrated the company’s servers and mined crypto. The press secretary of the service announced this through The Record.
User projects were not damaged
The attacks started in the fall of 2020 and were carried out via GitHub Actions, a service feature that allows users to automatically complete tasks and workflows if a certain event occurs in one of their GitHub repositories.
GitHub representatives emphasized that they are aware of this activity and are actively researching it. The attack has not harmed user projects for now and seems to be focused solely on abuse of GitHub infrastructure. Security experts have stated that the attackers created huge computational loads for GitHub’s infrastructure with a single attack.