Social Engineering Campaign: GitHub Has Become a Battleground for Jade Sleet and TraderTraitor
Is it possible to protect yourself from intruders and how are they connected with the DPRK?
In a recent statement, GitHub reported on a small social engineering campaign run by the group tracked as Jade Sleet or TraderTraitor, allegedly linked to the DPRK. The attackers targeted the accounts of employees of technology organizations associated, among other things, with the blockchain, cryptocurrency, and online gambling sectors. However, no GitHub or npm systems were compromised, as reported in GitHub's official blog.
Attack methods included the use of fake accounts on GitHub and other social platforms: LinkedIn, Slack and Telegram. Once contact was established, the attackers offered to collaborate on a repository containing software with malicious npm dependencies.
In response to the threat, GitHub suspended all campaign accounts and published a list of them. In light of the events, the Nautilus organization conducted an independent study and found that approximately 2.95% of the 1.25 million GitHub repositories are vulnerable to RepoJacking. This creates the potential for large-scale attacks.
GitHub itself has issued several recommendations for hardening security. The platform urged users in the targeted industries to be wary of offers, received through social networks, to collaborate on repositories or to install npm packages. In addition, experts advised scrutinizing dependencies and their installation scripts, especially packages that were published recently and whose scripts open network connections.
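A defender-side triage of the two warning signs just described (install-time lifecycle scripts that reach the network, and very recent publication), written here as an added example rather than GitHub's or npm's own tooling; the package names, file contents, dates and the 30-day threshold are constructed assumptions:

```javascript
// Added example: flag npm dependencies whose install-time lifecycle scripts look
// like they reach the network, and weight that by how recently they were published.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Rough indicators of outbound network activity in a shell command or a JS file.
const NETWORK_HINTS = /https?:\/\/|\bcurl\b|\bwget\b|\bfetch\(|require\(["'](https?|net|dns)["']\)|from\s+["'](https?|net|dns)["']/;
const DAY_MS = 86400000;

// pkg = { manifest, files, publishedAt }; returns one finding object per package.
function auditPackage(pkg, now, maxAgeDays = 30) {
  const scripts = pkg.manifest.scripts || {};
  const hooks = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    // Scan the command itself plus any local JS file it invokes ("node foo.js").
    let text = cmd;
    const m = cmd.match(/\bnode\s+(\S+\.c?js)/);
    if (m && pkg.files && pkg.files[m[1]]) text += "\n" + pkg.files[m[1]];
    hooks.push({ hook, cmd, network: NETWORK_HINTS.test(text) });
  }
  const ageDays = Math.floor((now - pkg.publishedAt) / DAY_MS);
  const recent = ageDays <= maxAgeDays;
  const network = hooks.some((h) => h.network);
  let risk = "low";
  if (network && recent) risk = "high";
  else if (network || (recent && hooks.length > 0)) risk = "medium";
  return { name: pkg.manifest.name, ageDays, recent, hooks, risk };
}

function auditAll(pkgs, now, maxAgeDays = 30) {
  return pkgs.map((p) => auditPackage(p, now, maxAgeDays));
}

// Constructed samples (not real packages): one long-published package with no
// install hooks, and one published six days ago whose postinstall phones home.
const NOW = Date.UTC(2023, 6, 20);
const SAMPLE_PACKAGES = [
  { manifest: { name: "left-pad-ish", scripts: { test: "mocha" } }, files: {}, publishedAt: Date.UTC(2021, 0, 5) },
  { manifest: { name: "price-feed-utils", scripts: { postinstall: "node setup.js" } },
    files: { "setup.js": "const h=require('https');h.get('https://example.invalid/x',r=>r.pipe(process.stdout));" },
    publishedAt: Date.UTC(2023, 6, 14) },
];

for (const r of auditAll(SAMPLE_PACKAGES, NOW)) console.log(r.name, r.risk, r.ageDays, r.hooks);
```

In practice the manifest, files and publish date would come from the extracted tarball and the registry metadata for each dependency in the lockfile.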
Users who have been targeted by the attackers are advised to contact their employer's cybersecurity department. If the malicious content has been executed, it is advisable to reset or reinstall the affected devices, change account passwords, and rotate sensitive credentials and tokens.