CATEGORIES
home News

GitHub Server Infrastructure Abused In Relentless Crypto-Mining Attack

by Nathan OrdSaturday, April 03, 2021, 01:17 PM EDT
hero 2 github cloud infrastructure used for cyrptocurrency mining by cybercriminals
Late last month, we reported on a trend of rising cybersecurity incidents worldwide that could lead to the end of some businesses. Now, the latest cyberattack victim is Microsoft-owned GitHub, with reports of cybercriminals leveraging GitHub cloud infrastructure to mine cryptocurrency.

Since at least the Fall of 2020, attackers have been abusing a feature called GitHub Actions, which lets users automate tasks and workflows once an event happens within a repository. Once triggered, GitHub Actions can spool up a VM or a container to typically test out code in a live environment. In a phone call to The Record, Dutch security engineer Justin Perdok explained that “at least one threat actor is targeting GitHub repositories where GitHub Actions might be enabled.”

github cloud infrastructure used for cyrptocurrency mining by cybercriminals justin perdok

The attack works by forking, or copying, legitimate code from a GitHub repository and then adding malicious content. Once the content is embedded into the copy, the cybercriminal would then make a Pull Request to merge the code back with the original. Interestingly, the attack does not rely on the Pull Request being approved, but just making the request is enough according to Perdok.

github cloud infrastructure used for cyrptocurrency mining by cybercriminals justin perdok 2

The attackers specifically target repositories with automated workflows that test incoming pull requests via the automated jobs with GitHub Actions. When the malicious Pull Request is filed, GitHub spins up a VM for the request to “test” the code, which now includes a cryptocurrency miner which will run on GitHub’s infrastructure indefinitely in theory. Perdok also stated that he had projects abused this way and has also seen “attackers spin up to 100 crypto-miners via one attack alone, creating huge computational loads for GitHub’s infrastructure.”

In an email, GitHub explains that it “aware of this activity and are actively investigating,” and has been doing so since last year when the attack was first reported. This is likely a rather difficult issue to fix without changing how GitHub Actions works. Moreover, if you ban accounts, new ones crop up almost immediately. In any case, we will have to see how GitHub properly responds to this security incident, so stay tuned to HotHardware for updates.

(Images courtesy of The Record and Justin Perdok)
Tags:  Microsoft, security, cybersecurity, GitHub, cryptocurrency, (nasdaq:msft), cryptocurrency-mining
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment