Users of GitHub Desktop and Atom must take action
February 2nd, 2023 - Written By CyberLabs
Unidentified attackers reportedly gained access to certain of GitHub’s development and release planning repositories and stole encrypted code-signing certificates for the company’s Desktop and Atom applications.
“On December 7, 2022, GitHub detected unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access and no unauthorized changes were made to these projects.” GitHub said.
To prove that the code was created by the stated company, in this case, GitHub, code-signing certificates affix a cryptographic seal to it. The certificates might be used by an attacker to sign maliciously altered unofficial versions of the apps and present them as official updates from GitHub if they were decrypted. The theft of credentials has no impact on the most recent versions of Desktop and Atom.
“However, several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. We have no evidence that the threat actor was able to decrypt or use these certificates.”
“We investigated the contents of the compromised repositories and found no impact to GitHub.com or any of our other offerings outside of the specific certificates noted above. No unauthorized changes were made to the code in these repositories.”
According to reports, the repositories were copied a day earlier using a hacked personal access token (PAT) linked to a machine account. The hacked credentials have since been revoked, and none of the repositories included any data on customers. However, GitHub withheld the specifics of the token compromise.
GitHub urges users to update to the latest version of Desktop/Atoms before February 2 to avoid disruptions in workflows.
Source
https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html
Recently,