Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned.

Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configuration files to siphon credentials, clone private repositories, and extract cloud credentials from the source code.

  • Activity Codename: EMERALDWHALE
  • Stolen Repositories: Over 10,000
  • Stolen Credentials: 15,000+
  • Storage: Amazon S3 bucket, taken down by Amazon

Key Findings: Stolen credentials include those of Cloud Service Providers (CSPs), Email providers, and other services. The main goal of this theft is believed to be phishing and spam.

Tools Used: EMERALDWHALE uses an arsenal of private tools to steal credentials and scrape data. Targeting servers with exposed Git repository configuration files, the toolset facilitates discovery, credential extraction, and validation.

Programs like MZR V2 and Seyzo-v2, sold on underground marketplaces, scan and exploit these repositories using lists compiled via Google Dorks and Shodan.

Market Insights: Sysdig’s analysis reveals a list of over 67,000 URLs with the path “/.git/config” exposed, offered for sale on Telegram for $100, highlighting the underground market’s demand for such data.

Researcher’s Perspective: “EMERALDWHALE also targeted exposed Laravel environment files, which contain a wealth of credentials,” said Sysdig researcher Miguel Hernández. “The underground market for credentials is booming, especially for cloud services. This attack shows that secret management alone is not enough to secure an environment.”
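A defensive check for the exposure described above, as an added example that is not from Sysdig or the original article: it walks a deployment directory you own for “.git/config” files and flags credentials embedded in remote URLs or in an http extraheader setting. The function names, sample config, host names and token are constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

SECTION = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"(.*)")?\s*\]$')

def audit_git_config(text):
    """Return (section, key, redacted_value) for each credential-bearing setting."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower() + (f' "{m.group(2)}"' if m.group(2) else "")
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or line[0] in "#;":
            continue
        if key.lower() in ("url", "pushurl"):
            parts = urlsplit(value)
            # https://user:token@host/... or https://token@host/... embeds a secret
            if parts.scheme in ("http", "https") and parts.username:
                findings.append((section, key,
                    f"{parts.scheme}://<redacted>@{parts.hostname}{parts.path}"))
        elif key.lower() == "extraheader" and "authorization" in value.lower():
            findings.append((section, key, "AUTHORIZATION: <redacted>"))
    return findings

def scan_tree(root):
    """Audit every .git/config found under a deployment directory (e.g. a web root)."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        cfg = os.path.join(dirpath, ".git", "config")
        if os.path.isfile(cfg):
            with open(cfg, encoding="utf-8", errors="replace") as fh:
                report[cfg] = audit_git_config(fh.read())
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip the object store
    return report

SAMPLE = (  # constructed sample config, not taken from any real repository
    '[remote "origin"]\n'
    "\turl = https://deploy-bot:EXAMPLE_TOKEN@git.example.com/acme/shop.git\n"
    '[remote "mirror"]\n'
    "\turl = git@git.example.com:acme/shop.git\n"
    '[http "https://git.example.com/"]\n'
    "\textraheader = AUTHORIZATION: basic RVhBTVBMRQ==\n"
)

if __name__ == "__main__":
    print(*audit_git_config(SAMPLE), sep="\n")
```

Any path that scan_tree reports under a served directory is itself a finding, even with an empty list, because the repository metadata should not be in the web root at all.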
