A threat actor is thought to have used AI-powered automation to try to exploit open-source software repositories on GitHub more than 100 times. The "prt-scan" campaign is the second time in the last few weeks that a threat actor appears to have used AI-assisted automation to attack repositories.

This comes after the "hackerbot-claw" campaign in late February, which used malicious pull requests that took advantage of the same feature to steal GitHub tokens, secrets, environment variables, and cloud credentials. Aikido Security researcher Charlie Eriksen says that attackers with low levels of skill can now launch new campaigns against hundreds of targets in a fraction of the time and effort it used to take.

The security company said that the attacker attempted a complex multi-phase payload, but it relied on techniques that would make little sense to an expert and would rarely work in practice. Wiz said that even though the strategy was flawed, a 10% success rate still led to many compromises. Researchers identified IoCs for the targeted scan campaign and advised businesses to harden their GitHub environments against similar threats.

They also noted that Chainguard has released Factory 2.0, which is intended to secure the software supply chain automatically. The attack was first noticed on April 2, but Wiz found that it started around March 11 and ran in six waves using six different GitHub accounts, all linked to the same threat actor.

The attacker scans for repositories whose GitHub Actions workflows use the pull_request_target trigger. They then fork those repositories, create branches, hide harmful code in what looks like routine updates, and trick the projects into running it without the maintainers noticing. Wiz says the weakness stems from an unsecured misconfiguration: workflows that run on pull_request_target and execute code from untrusted pull requests without any restrictions.
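As an added illustration that is not part of the original article or of Wiz's report, the misconfiguration described above is shown beside a hardened equivalent; the workflow names, the npm commands and the NPM_TOKEN secret are constructed placeholders, and the configuration assumes the real actions/checkout and actions/labeler actions.

```yaml
# --- Risky pattern: the misconfiguration the article describes ---
# pull_request_target runs in the context of the BASE repository, so the job
# receives a GITHUB_TOKEN with write scope and can read repository secrets.
# Checking out the PR head and then executing anything from it (install
# scripts, tests, linters) hands that privileged context to fork-controlled code.
name: ci-risky
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # untrusted fork content
      - run: npm ci && npm test   # package scripts from the fork run with secrets present
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
---
# --- Hardened form 1: run untrusted code under plain pull_request ---
# Fork PRs get no secrets and a read-only token, so executing their code is contained.
name: ci-hardened
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # merge ref of the PR; no secrets reachable here
      - run: npm ci && npm test
---
# --- Hardened form 2: keep pull_request_target only for metadata work ---
# If the privileged trigger is genuinely needed (labelling, commenting), never
# check out or execute the PR head, and scope the token to the minimum required.
name: pr-triage
on:
  pull_request_target:
    types: [opened]
permissions:
  contents: read
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5   # acts on PR metadata only; no fork code is fetched
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
```

A quick audit of existing workflows is to grep for `pull_request_target` and flag any job that also checks out `github.event.pull_request.head` or `github.head_ref` and then runs a build or install step.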

The attackers did not seem to fully understand GitHub's permissions model, even though the attack itself was very complicated.