Security & supply chain

Datadog says months-long GitHub recon out of dormant 'ghost' accounts is prep for supply-chain attacks

Datadog says months-long GitHub recon out of dormant 'ghost' accounts is prep for supply-chain attacks

Datadog researchers have flagged overlapping, months-long campaigns that abuse GitHub's public API and lean on more than 50 dormant "ghost" accounts, reactivated after two to five years of inactivity, to map organizations and the people who work in them. Some of the same operations also cloned private repositories, took over user tokens and pulled data out through both Git and the API.

The mechanism, per Datadog's Julie Agnes Sparks: "Individually, most of these requests are unremarkable. They hit public endpoints, authenticate cleanly or not at all, and return successful responses." That is what makes them expensive to spot. Public endpoints hand over organization members, public repositories, starred repositories and follower lists to any caller; both GraphQL and REST are in scope. Ghost accounts light up for one to three weeks at a time, and the user-agent strings walk the line: "GitHub-Company-Scraper" at one end, benign-sounding "GitHubAnalytics/1.5" at the other. One campaign leaned on personal access tokens stolen during a December to January window. A separate agent labelled "repo-dumper" used tokens like those to clone private repositories over Git and to pull the rest through API calls.

Where the operational bite lands

Most of this activity looks like traffic you asked for. GitHub carries 420 million-plus repositories and 150 million-plus developers, and abusive calls sit inside that firehose. Datadog puts 95% of malicious Git campaigns at GitHub and 5% at GitLab, with 58% of the campaigns ending in credential phishing and 42% in malware. The recon step is what turns a scraped org chart into a targeted phish or a stolen PAT that gets to CI.

The controls that help are already in the platform. Set organization member visibility to private so the enumeration endpoints stop being a free directory. Rotate personal access tokens on a hard TTL, and prefer fine-grained or short-lived tokens over classic PATs for anything that touches a pipeline. Watch the audit log for unfamiliar user agents and for API patterns that only hit public endpoints. Rate-limit unauthenticated calls at the perimeter where you can.

None of that stops a dormant account from lighting up next week. It shortens the window between the recon traffic and the first alert, which is the window a defender actually gets to work in.

Source: DevOps.com (devops.com)

Related
Supply-chain security

The five-minute SBOM sniff test earns its keep

A quick, deliberate look at the bill of materials for a hardened image catches supply-chain trouble a CVE scanner will never flag. Bolt it into the pipeline, not the compliance report.

July 13, 2026
Supply chain security

npm v12 flips install-time to closed-by-default

npm v12 shipped as latest on July 8, 2026, with lifecycle scripts, git-URL dependencies and remote-URL dependencies all off by default at install time. Alongside it, the 2FA-bypass Granular Access Token starts a two-step retirement that ends direct publishes.

July 9, 2026
Security & supply chain

GhostApproval: six AI coding agents shipped a permission dialog that was reading the wrong path

Researchers at Google-owned Wiz disclosed GhostApproval, a class of flaw across six AI coding tools in which symbolic links redirect the agent's file writes while the human approval prompt shows the pre-resolution path. The mechanism is thirty years old; the CI/CD lesson is newer.

July 10, 2026

Turn this into your pipeline. Build it on Buddy.

Start free