I-GitHub iveze umsebenzi ekwakhiweni kwenqwaba yamafoloko nama-clones amaphrojekthi adumile, ngokwethulwa kwezinguquko ezinonya kumakhophi, okuhlanganisa ne-backdoor. Ukusesha igama lomsingathi (ovz1.j19544519.pr46m.vps.myjino.ru), elifinyelelwa ngekhodi enonya, kubonise ukuba khona kwezinguquko ezingaphezu kwezinkulungwane ezingama-35 ku-GitHub, ezikhona kuma-clones nezimfoloko zamakhosombe ahlukahlukene, okuhlanganisa nezimfoloko. ye-crypto, golang, python, js, bash, docker kanye ne-k8s.
Ukuhlasela kuhloselwe ukuthi umsebenzisi ngeke alandelele okwangempela futhi uzosebenzisa ikhodi yemfoloko noma i-clone enegama elihluke kancane esikhundleni senqolobane yephrojekthi eyinhloko. Njengamanje, i-GitHub isivele isuse iningi lamafoloko ngokufaka okunonya. Abasebenzisi abeza ku-GitHub bevela ezinjinini zokusesha bayelulekwa ukuthi bahlole ngokucophelela ubudlelwano benqolobane nephrojekthi enkulu ngaphambi kokusebenzisa ikhodi evela kuyo.
Ikhodi enonya eyengeziwe ithumele okuqukethwe kokuguquguquka kwemvelo kuseva yangaphandle ngenhloso yokweba amathokheni ku-AWS nezinhlelo eziqhubekayo zokuhlanganisa. Ngaphezu kwalokho, i-backdoor ihlanganiswe nekhodi, iqalisa imiyalo yegobolondo ibuyiselwe ngemva kokuthumela isicelo kuseva yabahlaseli. Iningi lezinguquko ezinonya zengezwe phakathi kwezinsuku eziyisi-6 nezingu-20 ezedlule, kodwa kukhona amakhosombe lapho ikhodi enonya ingalandelelwa emuva ku-2015.
Source: opennet.ru