
New Gitloker attacks wipe GitHub repos in extortion scheme
2024-06-06 17:53

The threat actor behind this campaign, who has the Gitloker handle on Telegram and is posing as a cyber incident analyst, is likely compromising targets' GitHub accounts using stolen credentials.

"I hope this message finds you well. This is an urgent notice to inform you that your data has been compromised, and we have secured a backup," the ransom notes read. When BleepingComputer contacted GitHub earlier today for more details regarding the Gitloker extortion campaign, a spokesperson was not immediately available for comment.

After previous attacks against GitHub users, the company advised users to change their passwords to secure their accounts against unauthorized access.

In September 2020, GitHub warned of a phishing campaign targeting users to compromise their accounts.

The campaign used emails pushing fake CircleCI notifications to steal their GitHub credentials and two-factor authentication codes by relaying them through reverse proxies.

GitHub said that the attackers began exfiltrating data from victims' private repositories almost immediately after the compromise, and added new user accounts to the organizations to maintain persistence if the compromised account had management permissions.


News URL

https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/
