Source: Cyware | By Ryan Stewart
Attackers hacked the Github account of Canonical and created 11 new repositories
• The Canonical owned account on GitHub was hacked and used to create 11 new GitHub repositories in the official Canonical account.
• However, the organization confirmed that there has been no evidence that any source code or sensitive information was impacted.
What is the issue?
The GitHub account of Canonical, the company behind the Ubuntu was hacked on July 06, 2019.
The big picture
The Canonical owned account on GitHub was hacked and used to create 11 new GitHub repositories in the official Canonical account.
• Upon discovery, Canonical launched an investigation to determine the extent of the breach.
• Canonical removed the compromised account from its organization in GitHub.
• The organization also disconnected the Launchpad infrastructure from Github.
• Launchpad infrastructure is where the Ubuntu distribution is built and maintained from GitHub.
• The organization is also conducting an audit and is implementing the necessary remediations.
However, Canonical confirmed that there has been no evidence that any source code or sensitive information was impacted.
“We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities,” the Ubuntu security team said in a statement, ZDNet reported.
Two days before the incident, the cyber-security firm Bad Packets detected internet-wide scans for Git configuration files.
“Incoming scans detected from 220.127.116.11 checking for exposed dotfiles (configuration files):
/sftp-config.json #threatintel,” Bad Packets tweeted.