Repositories held for ransom by using valid credentials
Blog post from GitLab
Suspicious Git activity involving the use of valid credentials on GitLab has been identified, following a support ticket by Stefan Gabos. The issue, which is not specific to GitLab, affects other git repositories and involves attackers having knowledge of users' passwords to wipe repositories and demand ransoms. GitLab has notified affected users and recommends using password managers, enabling two-factor authentication, and employing SSH keys for enhanced security. Mitigation efforts include restoring repositories using git commands if local copies are available, while a detailed investigation continues. The attacks, traced to the IP range 185.234.216.0/24, were linked to plaintext passwords stored locally and affected 131 users and 163 repositories, primarily private, with none having two-factor authentication enabled. The attacker's script, suspected to be generic and possibly malfunctioning, targeted platforms like GitLab, GitHub, and Bitbucket. GitLab is committed to transparency in its continued investigation and encourages community feedback to bolster security measures.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.