Security & supply chainDatadog says months-long GitHub recon out of dormant 'ghost' accounts is prep for supply-chain attacks
Datadog security researchers say overlapping months-long campaigns have been abusing GitHub's public API and reactivating more than 50 long-dormant accounts to map organizations and their engineers. The setup looks a lot like the reconnaissance phase of a supply-chain intrusion.