Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of its code repositories and stolen code-signing certificates for two of its desktop apps: Atom and Desktop. The repositories were used in the planning and development of these applications. A further probe led to the conclusion that GitHub's services were not at risk and that no unauthorized changes were made to these projects. The repositories were cloned one day prior using a compromised personal access token (PAT) associated with a machine account.

GitHub has decided to revoke the exposed certificates used for the Atom and Desktop applications. The revocations will be effective this Thursday and will prevent some impacted versions of these apps from working. Revoking these certificates will render some versions of GitHub Desktop for Mac and Atom invalid; however, current versions of Desktop and Atom are unaffected by this theft.

Code-signing certificates place a cryptographic stamp on code to verify that the listed organization, in this case GitHub, developed it. If decrypted, the certificates would allow an attacker to sign unofficial, tampered versions of the apps and pass them off as official updates from GitHub.

The following versions of GitHub Atom have been affected. It is worth noting that GitHub Desktop for Windows is not affected by this credential theft. On January 4, GitHub published a new version of its Desktop app, signed with new certificates that weren't exposed to the attacker(s). GitHub Desktop users should upgrade to the latest version.
This Cyber News was published on www.hackread.com. Publication date: Wed, 01 Feb 2023 11:43:02 +0000