- GreyNoise saw a significant increase in scanning activity
- IPs from Singapore are looking for exposed Git config files, also in Singapore
- The files could contain sensitive information such as login credentials and access tokens
Singapore-based threat actors are searching for organizations in the country that can be breached and exploited, according to cybersecurity researchers at GreyNoise, who recently observed a significant increase in reconnaissance activity.
In a new analysis published earlier this week, GreyNoise said that between April 20 and April 21 it witnessed a significant increase in IP addresses scanning for vulnerable Git configuration files. In this time frame, 4,800 unique IP addresses performed the scan, which is a “significant increase compared to typical levels”.
Most of the IPs come from Singapore, though some were in the US, Germany, UK and the Netherlands. The IPs they scanned were likewise mostly in Singapore, but also in the US, UK, Germany and India.
Hunting for Git secrets
Git configuration files usually include sensitive information such as user email addresses, access tokens, authorization information and remote repository URLs that embed usernames or tokens. As such, they are useful to cybercriminals in the reconnaissance and preparation stages of cyberattacks.
Software developers will sometimes forget to prevent public access to these files, exposing the secrets to anyone who knows where to look. As BleepingComputer recalls, that is exactly what happened in October 2024, when Sysdig reported a large-scale operation that scanned for exposed Git config files and grabbed 15,000 cloud account credentials from thousands of private repositories.
“In some cases, if the full .git directory is also exposed, attackers may be able to reconstruct the entire codebase – including commit history, which may contain confidential information, credentials or sensitive logic,” explained GreyNoise.
To mitigate the risk, the researchers advise software developers to ensure .git/ directories are not accessible via public web servers and to block access to hidden files and folders in web server configurations. In addition, they suggest developers monitor logs for repeated requests for .git/config and similar paths, and rotate any credentials exposed in version control history.
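The log monitoring recommended above could look like the following added example, which is not from GreyNoise or the original article. It assumes combined-format web server access logs; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample access log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /app/.git/HEAD HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /%2egit/config HTTP/1.1" 403 162 "-" "-"',
    '198.51.100.23 - - [01/Jan/2025:10:05:00 +0000] "GET /.git/config HTTP/1.1" 200 298 "-" "-"',
    '192.0.2.10 - - [01/Jan/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2025:10:06:05 +0000] "GET /docs/git-guide.html HTTP/1.1" 200 901 "-" "-"',
    '192.0.2.44 - - [01/Jan/2025:10:07:00 +0000] "GET /.gitignore HTTP/1.1" 404 153 "-" "-"',
]

# Client IP, request method, request target and status code of a log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A path segment named exactly ".git" (covers .git/config, .git/HEAD, nested dirs).
GIT_RE = re.compile(r'(^|/)\.git(/|$)', re.IGNORECASE)

def normalize(target):
    """Return the request path without query string, percent-decoded twice."""
    path = urlsplit(target).path
    return unquote(unquote(path))  # %2egit and %252egit both become .git

def find_git_probes(lines, threshold=2):
    """Map client IP -> {'hits': n, 'served': [paths answered with 2xx]}.
    An IP is reported if it made >= threshold .git requests or was served any."""
    stats = defaultdict(lambda: {"hits": 0, "served": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        path = normalize(target)
        if not GIT_RE.search(path):
            continue
        stats[ip]["hits"] += 1
        if status.startswith("2"):
            stats[ip]["served"].append(path)  # file was actually exposed
    return {ip: s for ip, s in stats.items()
            if s["hits"] >= threshold or s["served"]}

if __name__ == "__main__":
    for ip, s in find_git_probes(SAMPLE_LOG).items():
        print(ip, s["hits"], "served:", s["served"] or "none")
```

Any path listed under "served" was returned with a success status, so credentials in that file should be treated as exposed and rotated.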
Via BleepingComputer