"Hackers Steal 15,000 Cloud Credentials From Exposed Git Config Files"
"Hackers Steal 15,000 Cloud Credentials From Exposed Git Config Files"
An operation named "EmeraldWhale" has led to the theft of over 15,000 cloud account credentials from thousands of private repositories by scanning for exposed Git configuration files. The campaign, discovered by researchers at Sysdig, uses automated tools to scan IP ranges for exposed Git configuration files, which may contain authentication tokens. Hackers behind the operation then use the tokens to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for additional credentials.