Possible DPRK links: Luc4m’s X post hinted at possible nation-state connections, adding, “Smells #DPRK?” While nothing else was said on the X thread, North Korea is known for using click-fix attacks in its cyber espionage activities, with Contagious Interviews being a prominent example of such campaigns.

All of the fake GitHub alerts included the same login information: Location: Reykjavik, Iceland; IP Address: 53.253.117.8; and Device: Unrecognized. For protection, Luc4m shared a couple of indicators of compromise (IoCs): GitHub account: hishamaboshami, and App ID: Ov23liQMsIZN6BD8RTZZ. The X thread also added that the fake “security app” was deployed using Render, a cloud platform for hosting web applications, at s://github-com-auth-secure-access-token.onrender.com.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3846732/attackers-attempted-hijacking-12000-github-accounts-with-click-fix-alerts.html