US State contractor, Acuity, confirmed the fact of hacking its repositories on GitHub, as a result of which attackers stole the documents. According to the company, the stolen information was “outdated and did not contain confidential data.”
Technological Consulting company Acuity provides services in the field of DEVSECOPS, modernization of IT operations, cybersecurity, data analysts and support for federal customers in the field of national security.
Accuity confirmed the hacking of the repositories on GitHub and stated that they contain outdated and unequal information. Immediately after the detection of vulnerability, the company applied safety renewal from the SUDSP supplier and took measures to eliminate the threat in accordance with the recommendations of the supplier.
After conducting their own analysis and investigation with the involvement of third-party IB specialists, Accuity did not find evidence of compromising customer confidential data. The company is working closely with law enforcement agencies and takes appropriate measures to further protect its operations.
One of the participants in the attack, known as Intelbroker, published records with information owned by the employees of the Ministry of Justice, the State Department, the NSA and the FBI. The hacker also claims that the stolen files contain secret data from the Five Eyes intelligence alliance.
Another hacker under the pseudonym Sangierro, standing behind the attack, told BleepingComputer that the hacking occurred on March 7. According to him, attackers managed to use vulnerability on the CI/CD Accuity server to steal GitHub accounts and access to private repositories.