Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
According to a report from The Hacker News, attackers are leveraging dormant GitHub accounts to map corporate organizations while blending in with normal activity. These accounts, often created years ago and left inactive, appear legitimate and evade detection. The technique allows attackers to gather intelligence on internal structures, repositories, and employee roles without raising alarms. This method of reconnaissance is particularly stealthy because the accounts have a history and are not flagged as suspicious by security tools. The consequence is that organizations may be unaware of ongoing reconnaissance until a more significant attack occurs.
Dormant accounts enable stealthy reconnaissance, making it harder for organizations to detect early stages of an attack.