First published: 19 Sep 2025
Last updated: 19 Sep 2025

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

This alert is relevant to all Australians and Australian organisations that maintain online code repositories and public software packages.

Background

The ASD's ACSC is aware of increased targeting of online code repositories.

Threat actors have been observed gaining access to online code repositories through:

  • Phishing/Vishing
  • Social Engineering
  • Compromised credentials
  • Compromised authentication tokens
  • Infected software packages.

The following activities have been noted as being performed by threat actors after gaining access to privileged systems and accounts:

  • Running open-source tools to scan for cryptographic secrets, passwords and sensitive keys stored in online code repositories.
  • Extracting and leaking identified credentials publicly.
  • Migrating private repositories to public repositories.
  • Modifying public packages to initiate supply-chain compromises.

Threat actors have been observed abusing legitimate tooling and functions to achieve these results, rather than bespoke tooling.

Exposed code bases can give threat actors a better understanding of internal processes and systems, increasing an organisation’s attack surface and enabling future, novel attacks.

Mitigation advice

ASD's ACSC advises organisations to:

  • Investigate affected systems: Review logs for recent package installations, suspicious processes, and unexpected modifications in developer repositories. Analyse any system that hosted a compromised package for malicious activity.
  • Validate packages: Validate that only trusted, verified packages are in use; check packages for signs of compromise before installation and updating.
  • User awareness: Inform users of the dangers of unverified and under-verified software packages.
  • Monitor for secret scanning: Use code repositories’ native security functions to detect malicious secret scanning.
  • Rotate potentially exposed secrets: Rotate any secrets found in code repositories accessible from compromised systems.
  • Review advice on mitigating cyber supply chain risk.
  • Review advice on managing cryptographic keys and secrets.
  • Review advice on Identifying and Mitigating Living Off the Land Techniques to understand how threat actors use legitimate tooling to undertake attacks.
  • Review advice on Social Engineering.
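
One way to apply the "Validate packages" step, shown as an added example that is not ASD's ACSC's or any package manager's own code: check each downloaded artifact against a hash pinned when the release was reviewed, and refuse anything unpinned or mismatched. The package names, the `name@version` pin layout and the sample bytes are constructed for illustration; the `<alg>-<base64>` hash form follows the Subresource Integrity convention.

```python
import base64
import hashlib
import hmac

# SRI-style algorithms accepted for pins, strongest first.
ALGS = ("sha512", "sha384", "sha256")

def sri(data: bytes, alg: str = "sha512") -> str:
    """Return '<alg>-<base64 digest>' for the artifact bytes."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def verify_artifact(name: str, version: str, data: bytes, pins: dict) -> tuple:
    """Check a downloaded package against its pinned hash; fail closed."""
    pinned = pins.get(f"{name}@{version}")
    if not pinned:
        return (False, "unpinned")           # never install what was not reviewed
    by_alg = {}
    for entry in pinned.split():             # a pin may list several hashes
        alg = entry.split("-", 1)[0]
        if alg in ALGS:
            by_alg.setdefault(alg, []).append(entry)
    if not by_alg:
        return (False, "no-supported-hash")  # e.g. only md5/sha1 recorded
    # Only the strongest algorithm present is trusted, so a weaker hash
    # added next to it cannot be used to wave a modified file through.
    alg = min(by_alg, key=ALGS.index)
    actual = sri(data, alg)
    if any(hmac.compare_digest(actual, e) for e in by_alg[alg]):
        return (True, "match")
    return (False, "mismatch")

# Constructed sample data: stand-ins for a reviewed release and a modified one.
GOOD = b"constructed bytes of example-lib 1.2.0"
TAMPERED = GOOD + b"\n// injected postinstall step"
PINS = {
    "example-lib@1.2.0": sri(GOOD),
    # Pin carrying a weak hash of the modified file beside the real sha512.
    "mixed-lib@3.0.0": f"{sri(TAMPERED, 'sha256')} {sri(GOOD)}",
    "legacy-lib@0.9.0": "sha1-" + base64.b64encode(hashlib.sha1(GOOD).digest()).decode(),
}

if __name__ == "__main__":
    for pkg, blob in [("example-lib@1.2.0", GOOD), ("example-lib@1.2.0", TAMPERED),
                      ("mixed-lib@3.0.0", TAMPERED), ("new-lib@1.0.0", GOOD)]:
        n, v = pkg.split("@")
        print(pkg, verify_artifact(n, v, blob, PINS))
```

A "mismatch" or "unpinned" result is the point at which the "Investigate affected systems" step applies to whichever host fetched the artifact.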

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
