Ongoing Threats to Australian Code Repositories Highlighted by ACSC and Avocado

Severity: High (Score: 72.5)

Sources: Securitybrief.Au, Technologydecisions.Au

Summary

The Australian Cyber Security Centre (ACSC) has issued a high priority alert regarding persistent attacks on online code repositories, relevant to all Australian organizations that maintain or utilize such repositories. These attacks involve social engineering, compromised credentials, and the abuse of legitimate tools, increasing the risk of future attacks. Avocado Consulting has echoed this warning, emphasizing that many organizations have not yet implemented basic protective measures. The ACSC's alert is the second in five months, indicating a sustained threat level. Attackers exploit secrets sprawl, where sensitive credentials are poorly managed across various systems, potentially leading to widespread organizational compromise. Organizations are urged to conduct audits of their privileged accounts and implement secure development practices. The ACSC also advises on managing cryptographic keys and identifying living-off-the-land techniques used by attackers. The compromise of trusted software packages poses a significant risk, as these are often integrated into other software, amplifying the impact of vulnerabilities. Key Points: • ACSC has issued a high priority alert on ongoing attacks targeting online code repositories. • Attackers are using social engineering and legitimate tools to exploit vulnerabilities. • Organizations are advised to audit privileged accounts and improve secrets management.

Key Entities

• Supply Chain Attack (attack_type)
• Government (industry)
• T1195 - Supply Chain Compromise (mitre_attack)