{"id":56307,"date":"2024-06-12T13:44:54","date_gmt":"2024-06-12T13:44:54","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35988\/GitHub-Phishing-Campaign-Wipes-Repos-Extorts-Victims.html"},"modified":"2024-06-12T13:44:54","modified_gmt":"2024-06-12T13:44:54","slug":"github-phishing-campaign-wipes-repos-extorts-victims","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/","title":{"rendered":"GitHub Phishing Campaign Wipes Repos, Extorts Victims"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/06\/AdobeStock_597742919_Editorial_Use_Only.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>GitHub users are being targeted by a phishing and extortion campaign that leverages the site\u2019s notification system and a malicious OAuth app to swindle victims.<\/p>\n<p>A <a href=\"https:\/\/github.com\/orgs\/community\/discussions\/109171\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub Community discussion<\/a> opened in February shows that campaign has been ongoing for nearly four months, with <a href=\"https:\/\/x.com\/1ZRR4H\/status\/1798412587484496068\" target=\"_blank\" rel=\"noreferrer noopener\">a social media post<\/a> by CronUp Security Researcher Germ\u00e1n Fern\u00e1ndez shedding new light on the scam last week.<\/p>\n<p>Targets are roped into the scam when their username is mentioned (i.e. tagged) in a comment, which triggers an email to be sent to them from <a href=\"https:\/\/www.scmagazine.com\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"6d030219040b040e0c190402031e2d0a041905180f430e0200\">[email&nbsp;protected]<\/a>, a legitimate GitHub email address.<\/p>\n<p>The comments left by the attacker are designed to appear like an email from GitHub staff, and an unsuspecting user who receives the notification email may not realize they are reading the contents of a comment they were mentioned rather than an email sent directly from GitHub.<\/p>\n<p>Screenshots from GitHub Community discussions show the only signs that the email originates from a comment they were tagged in are the subject line, which begins with \u201cRe:\u201d, and a line at the bottom of the email that states, \u201cYou are receiving this because you were mentioned.\u201d<\/p>\n<p>The phishing comments purport to be from GitHub staff offering the user a job or alerting the user to a supposed security breach. The comments include a link to websites resembling GitHub domains, including githubcareers[.]online and githubtalentcommunity[.]online, which leads targets to a prompt to give an external app certain access and control over their account and repositories via OAuth.<\/p>\n<p>If this request is approved, the attacker wipes the contents of the user\u2019s repos and replaces them with a README file directing the user to contact a user called \u201cgitloker\u201d on Telegram in order to recover their data. The Gitloker threat actor also uses compromised accounts to post more comments triggering more phishing emails, putting the victims\u2019 accounts in danger of deletion due to other users reporting the scam.<\/p>\n<p>\u201cThreat actors spoofing legitimate companies in order to gain access to content is nothing new, however, it is unusual for threat actors to go to such lengths in order to obtain access. What is even more unusual is that after the threat actors obtain access, they appear to only use the accounts for extortion rather than performing more advanced actions like uploading malware to the repos to infect more people,\u201d said Max Gannon, cyber intelligence team manager at Cofense, in an email to SC Media.<\/p>\n<p>Gannon noted that Gitloker claims to have made copies of the data and may also be looking for credentials and vulnerabilities, but also might be a low-skill attacker looking for a quick buck through their extortion scheme. Regardless, the Gitloker attacks demonstrate the potential for supply chain attacks via GitHub and \u201creinforces the fact that companies need to keep track of whose code they use and if the sources for the code have been compromised,\u201d Gannon said.<\/p>\n<p>Fern\u00e1ndez\u2019s post includes more evidence of other extortion scams tied to the Gitloker telegram, including one from April threatening to leak confidential information allegedly found in an organization\u2019s GitHub repos if a $250,000 payment isn\u2019t made, and another from early February demanding $1,000 within 24 hours to prevent the exposure of data from an unspecified compromised source.<\/p>\n<h2>Protecting your GitHub account from Gitloker and similar scams<\/h2>\n<p>GitHub has been aware of the Gitloker phishing and extortion campaign since at least February, with <a href=\"https:\/\/github.com\/orgs\/community\/discussions\/109171#discussioncomment-8544465\" target=\"_blank\" rel=\"noreferrer noopener\">a staff member saying under a Community discussion<\/a>, \u201cOur teams are currently working on addressing these unsolicited phishing notifications.\u201d<\/p>\n<p>In addition to recommending users take advantage of GitHub\u2019s <a href=\"https:\/\/docs.github.com\/en\/communities\/maintaining-your-safety-on-github\/reporting-abuse-or-spam\" target=\"_blank\" rel=\"noreferrer noopener\">abuse reporting tools<\/a> to inform them of spam messages, the staff member advised users not to click links from or reply to the suspicious messages, to be wary of <a href=\"https:\/\/docs.github.com\/en\/apps\/oauth-apps\/using-oauth-apps\/authorizing-oauth-apps\" target=\"_blank\" rel=\"noreferrer noopener\">authorizing OAuth apps<\/a> that can expose one\u2019s GitHub data to a third party and to periodically <a href=\"https:\/\/docs.github.com\/en\/apps\/oauth-apps\/using-oauth-apps\/reviewing-your-authorized-oauth-apps\" target=\"_blank\" rel=\"noreferrer noopener\">review the authorized OAuth apps<\/a> tied to one\u2019s account. Users should revoke access to any unused or suspicious OAuth apps.<\/p>\n<p>The staff member also noted that GitHub does not recruit talent through any form of public notification and that the phishing campaign is not the result of any compromise of GitHub itself.<\/p>\n<p>A GitHub spokesperson also told SC Media that users should <a href=\"https:\/\/docs.github.com\/en\/authentication\/keeping-your-account-and-data-secure\/viewing-and-managing-your-sessions\" target=\"_blank\" rel=\"noreferrer noopener\">review their active GitHub sessions<\/a> and <a href=\"https:\/\/docs.github.com\/en\/authentication\/keeping-your-account-and-data-secure\/managing-your-personal-access-tokens\" target=\"_blank\" rel=\"noreferrer noopener\">personal access tokens<\/a>, <a href=\"https:\/\/docs.github.com\/en\/authentication\/keeping-your-account-and-data-secure\/updating-your-github-access-credentials\" target=\"_blank\" rel=\"noreferrer noopener\">change their GitHub password<\/a> and <a href=\"https:\/\/docs.github.com\/en\/authentication\/securing-your-account-with-two-factor-authentication-2fa\/configuring-two-factor-authentication-recovery-methods#generating-a-new-set-of-recovery-codes\" target=\"_blank\" rel=\"noreferrer noopener\">reset their two-factor recovery codes<\/a> if they believe their account may have been compromised.<\/p>\n<p>\u201cGitHub investigates all reports of abusive or suspicious activity across our platform and takes action when content or activity violates our <a href=\"https:\/\/docs.github.com\/en\/site-policy\/acceptable-use-policies\/github-acceptable-use-policies\" target=\"_blank\" rel=\"noreferrer noopener\">Acceptable Use Policies<\/a>,\u201d the GitHub spokesperson stated in an email.<\/p>\n<p>GitHub did not address questions about whether any changes have been made to its notification system in response to the campaign and how prevalent the campaign was across the site as of June.<\/p>\n<p>Jason Kent, hacker in residence at Cequence Security, offered more advice for GitHub users in an email to SC Media.<\/p>\n<p>\u201cMake sure you know the application you are hooking into your repo is legit. How do you know that? Assume all contact is phishing and verify the source. Also, before you do any of this, ask on GitHubs forums if this OAUTH service is legitimate and has been used successfully,\u201d Kent said. \u201cHave a backup strategy that doesn\u2019t include GitHub. Be able to recover if the entire service goes down and you will be ready in the event someone deletes your repo.\u201d<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35988\/GitHub-Phishing-Campaign-Wipes-Repos-Extorts-Victims.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56308,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10953],"class_list":["post-56307","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackercybercrimephish"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-12T13:44:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/06\/AdobeStock_597742919_Editorial_Use_Only.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"GitHub Phishing Campaign Wipes Repos, Extorts Victims\",\"datePublished\":\"2024-06-12T13:44:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/\"},\"wordCount\":912,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/github-phishing-campaign-wipes-repos-extorts-victims.jpg\",\"keywords\":[\"headline,hacker,cybercrime,phish\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/\",\"name\":\"GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/github-phishing-campaign-wipes-repos-extorts-victims.jpg\",\"datePublished\":\"2024-06-12T13:44:54+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/github-phishing-campaign-wipes-repos-extorts-victims.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/github-phishing-campaign-wipes-repos-extorts-victims.jpg\",\"width\":800,\"height\":457},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/github-phishing-campaign-wipes-repos-extorts-victims\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,cybercrime,phish\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackercybercrimephish\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GitHub Phishing Campaign Wipes Repos, Extorts Victims\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/","og_locale":"en_US","og_type":"article","og_title":"GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-06-12T13:44:54+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/06\/AdobeStock_597742919_Editorial_Use_Only.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"GitHub Phishing Campaign Wipes Repos, Extorts Victims","datePublished":"2024-06-12T13:44:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/"},"wordCount":912,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/06\/github-phishing-campaign-wipes-repos-extorts-victims.jpg","keywords":["headline,hacker,cybercrime,phish"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/","url":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/","name":"GitHub Phishing Campaign Wipes Repos, Extorts Victims 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/06\/github-phishing-campaign-wipes-repos-extorts-victims.jpg","datePublished":"2024-06-12T13:44:54+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/06\/github-phishing-campaign-wipes-repos-extorts-victims.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/06\/github-phishing-campaign-wipes-repos-extorts-victims.jpg","width":800,"height":457},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/github-phishing-campaign-wipes-repos-extorts-victims\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,cybercrime,phish","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackercybercrimephish\/"},{"@type":"ListItem","position":3,"name":"GitHub Phishing Campaign Wipes Repos, Extorts Victims"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56307"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56307\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56308"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}