- GreyNoise has seen a significant increase in scanning activity
- Singapore IPs are looking for exposed Git config files, also in Singapore
- The files may contain sensitive information such as login credentials and access tokens
Threat actors in Singapore are looking for organizations in the country that can be breached and exploited, according to researchers at cybersecurity firm GreyNoise, who recently observed a significant spike in reconnaissance activity.
In a new analysis published earlier this week, GreyNoise said that on April 20 to 21 it observed a significant increase in IP addresses searching for exposed Git configuration files. Within this period, it saw 4,800 unique IP addresses carrying out the scan, which is a “substantial increase compared to the typical levels”.
Most of the IPs are from Singapore, although some were in the United States, Germany, the United Kingdom and the Netherlands. They mainly targeted IPs in Singapore, but also in the United States, the United Kingdom, Germany and India.
Hunting for Git secrets
Git configuration files generally include sensitive information such as user e-mail addresses, access tokens, authentication credentials and remote repository URLs that embed user names or tokens. As such, they are useful to cybercriminals in the reconnaissance and preparation stages of cyber attacks.
Software developers will sometimes forget to prevent public access to these files, exposing secrets to anyone who knows where to look. As BleepingComputer recalls, this is exactly what happened in October 2024, when Sysdig reported a large-scale operation that scanned for exposed Git config files and obtained 15,000 cloud account credentials from thousands of private repositories.
“In some cases, if the full .git directory is also exposed, attackers may be able to reconstruct the entire code base – including the commit history, which can contain confidential information, credentials or sensitive logic,” said GreyNoise.
To mitigate the risk, researchers advise software developers. In addition, they suggest monitoring logs for repeated requests to .git/config and similar paths, and rotating all credentials exposed in the version control history.
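The log check described above, sketched as an added example (not code from GreyNoise or from the original article). It assumes web server logs in common/combined log format, treats any request under a .git directory as a "similar path", and uses a hypothetical threshold of three requests per source IP; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log format: ip - - [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumption: "similar paths" means anything under a .git directory.
GIT_PATH_RE = re.compile(r'(^|/)\.git(/|$)', re.IGNORECASE)

def scan_git_probes(lines, threshold=3):
    """Return (repeat_scanners, exposed) from access-log lines.

    repeat_scanners: {ip: hits} for IPs with >= threshold .git requests.
    exposed: sorted (ip, path) pairs answered with 200, meaning the file
    was served and any credentials in it should be rotated.
    """
    hits = defaultdict(int)
    exposed = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the run
        ip, _method, target, status = m.groups()
        # Decode percent-encoding so /%2Egit/config is not missed.
        path = unquote(urlsplit(target).path)
        if not GIT_PATH_RE.search(path):
            continue
        hits[ip] += 1
        if status == "200":
            exposed.add((ip, path))
    repeat = {ip: n for ip, n in hits.items() if n >= threshold}
    return repeat, sorted(exposed)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:03:10:01 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:03:10:02 +0000] "GET /.git/HEAD HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:03:10:03 +0000] "GET /app/%2Egit/config HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.23 - - [01/Jan/2024:04:00:00 +0000] "GET /.git/config HTTP/1.1" 200 287 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:04:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:04:05:01 +0000] "GET /.gitignore HTTP/1.1" 404 153 "-" "-"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    repeat, exposed = scan_git_probes(SAMPLE_LOG)
    print("repeat scanners:", repeat)
    print("served .git files (rotate credentials):", exposed)
```

A 200 response matters more than the hit count: a single successful fetch of .git/config means the file's contents should be treated as disclosed.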
Via BleepingComputer