ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Dormant GitHub accounts enable stealthy org and repo enumeration via API

Source headline: Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 6 days ago

Intelligence Summary

Datadog Security Labs warns that threat actors are running multiple overlapping campaigns to enumerate GitHub organizations, repositories, and users. The activity uses automated scraping through the GitHub API with user agents that look legitimate or custom. Attackers may rely on long-dormant “ghost” accounts, or they may use compromised OAuth tokens to appear normal. This helps them map corporate GitHub ecosystems and identify targets for later exploitation. Organizations using GitHub should review token exposure, account activity, and API usage anomalies.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#github #account-enumeration #api-scraping #oauth-token #threat-mapping
Original reporting The Hacker News Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
Open original source