Ongoing targeting of online code repositories

Release date
19 September 2025
Alert rating
High

Description

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of online code repositories, with threat actors employing various tactics to scan for and extract secrets, access private code bases, and modify packages to infect users. The ASD’s ACSC does not have information to indicate that a specific industry or sector is being targeted, with this advisory providing general awareness of an observed increase in activity.

Audience

  • Individuals & families
  • Small & medium businesses
  • Organisations & Critical Infrastructure
  • Government

Current update

This alert is relevant to all Australians and Australian organisations that maintain online code repositories and public software packages.

Background

The ASD’s ACSC is aware of increased targeting of online code repositories.

Threat actors have been observed gaining access to online code repositories through:

  • Phishing/Vishing
  • Social Engineering
  • Compromised credentials
  • Compromised authentication tokens
  • Infected software packages.

The following activities have been noted as being performed by threat actors after gaining access to privileged systems and accounts:

  • Running open-source tools to scan for cryptographic secrets, passwords and sensitive keys stored in online code repositories.
  • Extracting and leaking identified credentials publicly.
  • Migrating private repositories to public repositories.
  • Modifying public packages to initiate supply-chain compromises.

Threat actors have been observed abusing legitimate tooling and functions to achieve these results, rather than bespoke tooling.

Exposed code bases can give actors a better understanding of internal processes and systems, increasing an organisation’s attack surface and enabling future, novel attacks.

Mitigation advice

ASD’s ACSC advises organisations to:

  • Investigate affected systems: Review logs for recent package installations, suspicious processes, and unexpected modifications in developer repositories. Analyse any system that hosted a compromised package for malicious activity.
  • Validate packages: Validate that only trusted, verified packages are in use; check packages for signs of compromise before installation and updating.
  • User awareness: Inform users of the dangers of unverified and under-verified software packages.
  • Monitor for secret scanning: Use code repositories’ native security functions to detect malicious secret scanning.
  • Rotate potentially exposed secrets: Rotate any secrets found in code repositories accessible from compromised systems.
  • Review advice on mitigating cyber supply chain risk.
  • Review advice on managing cryptographic keys and secrets.
  • Review advice on Identifying and Mitigating Living Off the Land Techniques to understand how threat actors use legitimate tooling to undertake attacks.
  • Review advice on Social Engineering.
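
The log review under "Investigate affected systems" can be run as a detection pass for two behaviours listed under Background: private repositories being made public, and one account pulling many private repositories in a short period. This is an added example, not part of the ASD's ACSC advisory; the event schema, the action names `repo.clone` and `repo.visibility_change`, the thresholds and the sample events are constructed assumptions to be mapped onto the fields your repository host's audit log actually exports.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, simplified audit-log schema (JSON lines).
SAMPLE_LOG = """
{"ts": "2025-09-18T02:10:00", "actor": "ci-bot", "action": "repo.clone", "repo": "org/api", "visibility": "private"}
{"ts": "2025-09-18T02:11:00", "actor": "dev-alice", "action": "repo.clone", "repo": "org/billing", "visibility": "private"}
{"ts": "2025-09-18T02:12:00", "actor": "dev-alice", "action": "repo.clone", "repo": "org/infra", "visibility": "private"}
{"ts": "2025-09-18T02:13:00", "actor": "dev-alice", "action": "repo.clone", "repo": "org/deploy", "visibility": "private"}
{"ts": "2025-09-18T02:20:00", "actor": "dev-alice", "action": "repo.visibility_change", "repo": "org/billing", "old": "private", "new": "public"}
{"ts": "2025-09-18T09:00:00", "actor": "ci-bot", "action": "repo.clone", "repo": "org/web", "visibility": "private"}
{"ts": "2025-09-18T09:30:00", "actor": "dev-bob", "action": "repo.visibility_change", "repo": "org/docs", "old": "public", "new": "private"}
"""

def parse_events(text):
    """Parse JSON-lines audit events and return them sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def find_visibility_flips(events):
    """Return (actor, repo) for every private -> public visibility change."""
    return [(e["actor"], e["repo"]) for e in events
            if e["action"] == "repo.visibility_change"
            and e.get("old") == "private" and e.get("new") == "public"]

def find_bulk_cloners(events, threshold=3, window=timedelta(minutes=10)):
    """Map actor -> max distinct private repos cloned inside any sliding window,
    for actors that reach the threshold."""
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] == "repo.clone" and e.get("visibility") == "private":
            by_actor[e["actor"]].append(e)
    flagged = {}
    for actor, clones in by_actor.items():
        start = 0
        for end in range(len(clones)):
            # Shrink the window until it spans no more than `window`.
            while clones[end]["ts"] - clones[start]["ts"] > window:
                start += 1
            distinct = len({c["repo"] for c in clones[start:end + 1]})
            if distinct >= threshold:
                flagged[actor] = max(distinct, flagged.get(actor, 0))
    return flagged

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("made public:", find_visibility_flips(evs))
    print("bulk cloners:", find_bulk_cloners(evs))
```

An account that appears in both results is a strong candidate for token or credential review and for rotating any secrets stored in the repositories it touched.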

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
