Renaming a GitHub account may have contributed to supply chain attacks


According to Checkmarx, hackers may have created malicious repositories using the accounts’ new names and launched software supply chain attacks by taking advantage of the renaming of well-known GitHub accounts.

The repo-jacking technique entails diverting traffic from a renamed repository to an attacker-controlled malicious repository by circumventing GitHub’s redirection system. When a repository is cloned, the full repository URL, which is unique to each GitHub repository under the user account that created it, is used.

When a user updates the username associated with their GitHub account, the URL is also updated by substituting the new username for the old one.

Read More: GitHub Account Renaming Could Have Led to Supply Chain Attacks

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.