
GitHub organization member updated

ID: github_organization_member_updated
Data type: GitHub
Severity: Informational
MITRE ATT&CK: TA0003:T1098.003

Description

AlphaSOC detected that a GitHub organization member's role was updated. This activity involves changing a user's role from member to owner or owner to member. Threat actors who gain unauthorized access to GitHub accounts may modify member permissions to escalate privileges for future exploitation.

Impact

This action may indicate privilege escalation from GitHub Organization member to GitHub Organization owner. If performed by a threat actor, it could allow them to gain control over organization settings, repositories, and sensitive data. It may also enable unauthorized access to private repositories, modification of security settings, and potential injection of malicious code into the codebase, leading to severe security implications.

Severity

| Severity | Condition |
| --- | --- |
| Informational | GitHub organization member updated |

Investigation and Remediation

Review GitHub audit logs to verify whether the member update was authorized and examine the specific changes made. If unauthorized activity is confirmed, immediately revert the changes, reset credentials for affected accounts, and conduct a comprehensive review of the environment to identify any potential compromise. Ensure that all organization members have appropriate permissions.
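
One way to carry out the audit-log review described above, added here as an example and not AlphaSOC's or GitHub's own code: it filters an exported audit log (JSON Lines) for `org.update_member` events, classifies each as a promotion or demotion, and marks the changes that need a closer look. The sample log, the `APPROVED_ROLE_ADMINS` allowlist, and the assumption that the export carries `permission`/`old_permission` fields with the owner role recorded as `admin` are constructed for illustration.

```python
import json

# Constructed sample export (JSON Lines); field names and values are assumptions.
SAMPLE_LOG = """\
{"@timestamp": 1714550400000, "action": "org.update_member", "org": "example-org", "actor": "alice-admin", "user": "bob-dev", "old_permission": "read", "permission": "admin"}
{"@timestamp": 1714554000000, "action": "repo.create", "org": "example-org", "actor": "bob-dev", "repo": "example-org/tools"}
{"@timestamp": 1714557600000, "action": "org.update_member", "org": "example-org", "actor": "bob-dev", "user": "mallory-ext", "old_permission": "read", "permission": "admin"}
{"@timestamp": 1714561200000, "action": "org.update_member", "org": "example-org", "actor": "alice-admin", "user": "carol-ops", "old_permission": "admin", "permission": "read"}
truncated-line-from-a-broken-export
"""

# Hypothetical allowlist: accounts expected to manage organization roles.
APPROVED_ROLE_ADMINS = {"alice-admin"}
OWNER = "admin"  # assumed: the export records the owner role as "admin"

def classify(event):
    """Return 'promotion', 'demotion' or 'other' for a role-change event."""
    old, new = event.get("old_permission"), event.get("permission")
    if new == OWNER and old != OWNER:
        return "promotion"
    if old == OWNER and new != OWNER:
        return "demotion"
    return "other"

def triage(log_text, approved=APPROVED_ROLE_ADMINS):
    """Return one finding per org.update_member event, in log order."""
    findings, promoted = [], set()
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the review
        if not isinstance(ev, dict) or ev.get("action") != "org.update_member":
            continue
        change, actor, user = classify(ev), ev.get("actor"), ev.get("user")
        reasons = []
        if actor not in approved:
            reasons.append("actor not on role-admin allowlist")
        if actor == user:
            reasons.append("actor changed their own role")
        if actor in promoted:
            reasons.append("actor was promoted earlier in this log")
        if change == "promotion":
            promoted.add(user)
        findings.append({"time": ev.get("@timestamp"), "actor": actor, "user": user,
                         "change": change, "reasons": reasons, "review": bool(reasons)})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
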