GitHub Enterprise account owner added
Description
AlphaSOC detected that a new owner was added to a GitHub Enterprise account. This action grants the highest level of administrative privileges within the organization. Threat actors who gain access to existing owner accounts can add additional owners under their control to establish persistence within the environment.
Impact
Adding unauthorized owners to a GitHub Enterprise account can give attackers complete control over the organization's repositories, settings, and user management. This could lead to source code theft, modification of critical repositories, or other malicious actions that could compromise the integrity of your codebase.
Severity
| Severity | Condition |
|---|---|
| Low | GitHub Enterprise account owner added |
Investigation and Remediation
If the owner addition was unauthorized, remove the suspicious owner account, reset credentials for all existing owners, enable two-factor authentication if not already in place, and conduct a comprehensive audit of the organization's repositories and settings for other signs of potential compromise.
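To scope the investigation, owner additions can be pulled from an exported audit log and compared with the owners that were actually approved. The following is an added example, not AlphaSOC's detection logic: it assumes a JSON Lines export in chronological order in which GitHub's `business.add_admin` event carries `actor`, `user` and `@timestamp` (epoch milliseconds) fields, and a hypothetical approved-owner list; the sample events are constructed.

```python
import json
from datetime import datetime, timezone

# Assumption: GitHub's audit log records an enterprise owner addition as
# "business.add_admin", with "actor" (who made the change), "user" (the new
# owner) and "@timestamp" in epoch milliseconds.
OWNER_ADDED = "business.add_admin"

# Constructed sample export (JSON Lines); all account names are hypothetical.
SAMPLE_LOG = """\
{"@timestamp": 1714550400000, "action": "business.add_admin", "actor": "alice-admin", "user": "bob-sre", "business": "example-corp"}
{"@timestamp": 1714554000000, "action": "repo.create", "actor": "bob-sre", "repo": "example-corp/tools"}
{"@timestamp": 1714557600000, "action": "business.add_admin", "actor": "bob-sre", "user": "ext-contractor7", "business": "example-corp"}
not-json debris line
"""

def triage_owner_additions(log_text, approved_owners, chain_window_hours=24):
    """Return one finding per owner addition, with reasons it needs review."""
    findings, added_at = [], {}
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the triage
        if not isinstance(event, dict) or event.get("action") != OWNER_ADDED:
            continue
        ts, actor, user = event.get("@timestamp", 0), event.get("actor"), event.get("user")
        reasons = []
        if user not in approved_owners:
            reasons.append("new owner not on approved list")
        # Added heuristic: an owner who was added recently and is already
        # adding further owners deserves a closer look.
        prev = added_at.get(actor)
        if prev is not None and ts - prev <= chain_window_hours * 3600 * 1000:
            reasons.append("added by an owner who was itself added recently")
        added_at[user] = ts
        findings.append({
            "time": datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat(),
            "actor": actor, "new_owner": user, "reasons": reasons,
        })
    return findings

if __name__ == "__main__":
    for finding in triage_owner_additions(SAMPLE_LOG, approved_owners={"bob-sre"}):
        print(finding)
```

Findings with an empty `reasons` list still represent an owner addition and should be matched to a change record before being closed.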