31 January 2023

Hackers stole encrypted code signing certs for GitHub Desktop and Atom


Hackers stole encrypted code signing certs for GitHub Desktop and Atom

GitHub said that unknown hackers have stolen encrypted code signing certificates for its Desktop and Atom applications after gaining access to a set of repositories of the afore mentioned apps.

The incident took place on December 6, 2022, the company said. The certificates were password-protected, and, so far, GitHub has no evidence that the certs were decrypted or maliciously used. If decrypted, the threat actor could sign unofficial applications with these certificates and pretend that they were officially created by GitHub.

“On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account. Once detected on December 7, 2022, our team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems. None of the affected repositories contained customer data,” GitHub said in a security advisory.

As a preventive measure the company has revoked the exposed certificates.

“On Thursday, February 2, 2023, we will revoke the Mac & Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1. Once revoked, all versions signed with these certificates will no longer function,” the company warned.

GitHub Desktop for Windows is said to be not affected.

Back to the list

Latest Posts

Chinese hackers reportedly breach Volkswagen Group, steal proprietary technology

Chinese hackers reportedly breach Volkswagen Group, steal proprietary technology

The hackers targeted the company for at least five years.
22 April 2024
MITRE discloses security breach via Ivanti zero-days

MITRE discloses security breach via Ivanti zero-days

The organization said that an unnamed foreign state-sponsored threat actor was behind the attack.
22 April 2024
CrushFTP patches actively exploited zero-day

CrushFTP patches actively exploited zero-day

The flaw is being exploited in attacks targeting CrushFTP servers at multiple US entities.
22 April 2024