GoIssue: A New Cyber Nightmare for Developers

Man

Attacks on GitHub repositories are gaining momentum.

Cybersecurity researchers are sounding the alarm over a new tool called GoIssue, designed for mass phishing attacks on GitHub users. The tool first appeared in August 2024 on the Runion forum, where it was advertised by a cybercriminal under the pseudonym cyberdluffy (also known as Cyber D'Luffy).

GoIssue allows attackers to extract email addresses from public GitHub profiles and send phishing messages directly to users' inboxes. According to its creator, the tool lets attackers target developers by bypassing spam filters and landing directly in their inboxes.

SlashNext notes that this approach opens a new era of spear-phishing attacks that can lead to source code theft, supply chain compromise, and the hacking of corporate networks through developer credentials.

The GoIssue tool is sold in two versions: a custom build costs $700, and its source code costs $3000. However, starting October 11, 2024, prices were reduced to $150 and $1000 for the first five buyers.

Examples of a possible attack include redirecting victims to fake pages where logins and passwords are stolen, malware is downloaded, or an untrusted OAuth application is installed to access private repositories.

Also of interest is cyberdluffy's Telegram profile, in which he claims membership in the Gitloker Team, a group previously seen in ransomware attacks on GitHub users. The criminals send links through phishing emails that are activated after the developers' accounts are mentioned in spam comments. The goal is to force the victim to provide access to private data and subsequently delete all repositories, leaving only a ransom note.

In parallel with SlashNext, Perception Point has identified a new two-stage phishing attack that uses Microsoft Visio (.vsdx) and SharePoint files to steal data. Emails with offers of cooperation are sent from already hacked accounts, which allows them to bypass protection systems.

After clicking a link in the email, the victim is taken to a SharePoint page with a Visio file attachment that leads to a fake Microsoft 365 sign-in page. Such multi-stage attacks are becoming more common and exploit users' trust in well-known platforms to bypass standard security tools.
