GitHub has disclosed a compromise of the repositories in which the GitHub Desktop and Atom applications were developed. Among other things, the attackers managed to access the certificates used in GitHub Actions to digitally sign the published releases of GitHub Desktop for macOS and of Atom. Because the keys were additionally encrypted with passwords, their use for malicious purposes is considered unlikely. Nevertheless, GitHub decided to revoke the affected certificates, which will render some versions of GitHub Desktop and Atom inoperable starting February 2.
According to GitHub, the attack was limited to the indicated repositories, and the project's infrastructure was not affected. Access was obtained using a personal access token (PAT) tied to the account of one of the developers.