| ▲ | KomoD 10 hours ago | |
Doesn't it publish the repos to your Github account? Just clone and look at what was stolen. | ||
| ▲ | solrith 9 hours ago | parent | next [-] | |
On the follow up Wiz blog they suggested that the exfiltration was cross-victim https://www.wiz.io/blog/shai-hulud-2-0-aftermath-ongoing-sup... | ||
| ▲ | bspammer 8 hours ago | parent | prev [-] | |
As the sibling comment said, the worm used stolen GitHub credentials from other victims, and randomly distributed the uploads between victims. Also everything was double base64 encoded which makes it impossible to use GitHub search. | ||