"GitHub Investigating Crypto-Mining Campaign Abusing Its Server Infrastructure"

GitHub is investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to use the company's servers to perform illicit operations for mining cryptocurrency. The attacks, which have been occurring since the fall of 2020, abuse a GitHub feature called GitHub Actions. This feature allows users to automate, customize, and execute software development workflows in their GitHub repository.

According to Justin Perdok, a security engineer, at least one actor is targeting GitHub repositories in which GitHub Actions might be enabled. The attack involves adding malicious GitHub Actions to the original code and then filing a Pull Request with the original repository to merge the malicious code back into the original. Perdok said the attack does not require the original project owner to approve the malicious Pull Request; filing it is enough. The attackers are specifically targeting GitHub project owners with automated workflows that test incoming pull requests through automated jobs.

When a malicious Pull Request is filed, GitHub's systems will read the attacker's code and launch a virtual machine that downloads and runs crypto-mining software on GitHub's infrastructure. Perdok has observed attackers spin up as many as 100 crypto-miners in one attack, resulting in significant computational loads for GitHub's infrastructure. This article continues to discuss the performance of illicit crypto-mining on GitHub's server infrastructure.

The Record reports "GitHub Investigating Crypto-Mining Campaign Abusing Its Server Infrastructure"
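
For maintainers triaging incoming pull requests, the following added example (not from the article or from GitHub) parses a pull request's unified diff and reports any workflow files it adds or changes, along with the `run:` steps it introduces. The function names, the `from_fork` flag and the sample diff are assumptions made for illustration; `.github/workflows/` is the directory GitHub Actions reads workflows from.

```python
import re

WORKFLOW_DIR = ".github/workflows/"  # directory GitHub Actions loads workflows from

# Constructed sample: unified diff of a hypothetical pull request.
SAMPLE_DIFF = """\
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
 # project
+typo fix
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,6 @@
+on: pull_request
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: sh ./scripts/setup.sh
"""

def workflow_changes(diff_text):
    """Map each touched workflow file to whether it is new and the run: steps added."""
    findings, current = {}, None
    for line in diff_text.splitlines():
        header = re.match(r"diff --git a/(\S+) b/(\S+)$", line)  # paths without spaces
        if header:
            path, current = header.group(2), None
            if path.startswith(WORKFLOW_DIR) and path.endswith((".yml", ".yaml")):
                current = findings.setdefault(path, {"new_file": False, "run_steps": []})
            continue
        if current is None:
            continue  # this part of the diff belongs to a non-workflow file
        if line.startswith("new file mode"):
            current["new_file"] = True
        elif line.startswith("+") and not line.startswith("+++"):
            step = re.match(r"\+\s*(?:-\s*)?run:\s*(.*)", line)  # added shell step
            if step:
                current["run_steps"].append(step.group(1))
    return findings

def needs_manual_review(diff_text, from_fork):
    """Hold a fork's pull request for a human look when it touches workflow files."""
    return from_fork and bool(workflow_changes(diff_text))
```
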

 
