Hacking attempt against Ubuntu source code to install a backdoor

IT systems audit experts report an alleged hacking attack against the GitHub account of Canonical Ltd, the company in charge of Ubuntu, the popular Linux distribution, allegedly with the intention of installing a backdoor.

“Last July 6, the access credentials to one
of the GitHub accounts owned by Canonical were compromised; those responsible
for this incident used the credentials to create repositories on the developer
platform, among other potentially malicious activities,” mentions a
statement from the GitHub security team.

As a security measure, Canonical deleted the
compromised GitHub account and began an internal investigation to
determine the actual scope of the attack. According to IT systems
audit experts, there is still no evidence that the source code or any other
development owned by Canonical has been compromised.

The Ubuntu security team also committed to
releasing regular updates on the incident and a full investigation once the
case is closed. The company is also committed to conducting external audits and
implementing any other necessary security measures.

Sources close to the company claim that hackers
created eleven new repositories in Canonical’s official account, although these
repositories were found completely empty. A few days before the incident, a
firm of IT systems audit experts detected some signs of activity, such as
Internet scans, looking for Git configuration files. These files often contain
login credentials for GitHub accounts such as those used by Canonical managers.
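
A defender can check their own repositories and deployed web roots for the exposure described above. The following is an added example, not part of the original article or of any Canonical or GitHub tooling: it audits the text of a Git configuration file for embedded credentials. The function names and the sample configuration are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config; the token and header values are placeholders.
SAMPLE = '''[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://builder:EXAMPLE-TOKEN-NOT-REAL@github.com/example-org/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:example-org/example-repo.git
[http "https://github.com/"]
\textraheader = Authorization: Basic Q09OU1RSVUNURUQ=
'''

SECTION = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEYVAL = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')

def has_secret(url):
    """True when an http(s) URL carries a password or token in its userinfo."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.password)

def audit_git_config(text):
    """Return (line, section, key, reason) tuples; secret values are never echoed."""
    findings, section = [], ""
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            # [url "https://user:token@host/"] rewrites can hide a credential too
            if section == "url" and has_secret(m.group(2) or ""):
                findings.append((n, section, "<subsection>", "credential in URL"))
            continue
        m = KEYVAL.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key in ("url", "pushurl", "insteadof") and has_secret(value):
            findings.append((n, section, key, "credential in URL"))
        elif key == "extraheader" and value.lower().startswith("authorization:"):
            findings.append((n, section, key, "Authorization header"))
    return findings

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE):
        print("line %d: [%s] %s -> %s" % finding)
```

Any finding means the credential should be rotated and moved to a credential helper or SSH key, and the `.git` directory should not be reachable from a public web root.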

Unfortunately, this is not the first
security incident at Canonical. On previous occasions, threat
actors were able to extract sensitive information from up to two million users
of the official Ubuntu forum. After the third security incident, the company
decided to close this forum.

Finally, experts from the International Institute
of Cyber Security (IICS) reported the existence of a malicious Ubuntu package
containing cryptocurrency mining malware that was hosted on the official store of this
distro for months.
