GitHub organization moderators changed

ID: github_organization_moderators_changed
Data type: GitHub
Severity: Informational
MITRE ATT&CK: TA0003:T1098.003

Description

AlphaSOC detected that a user was added to GitHub Organization moderators. This action grants elevated privileges within a GitHub Organization, allowing the user to manage team discussions, moderate comments across the organization, block or unblock contributors, and set interaction limits for repositories.

Impact

Adding unauthorized users to GitHub Organization moderators grants them the ability to control discussion threads and manage user interactions across the organization. While moderators cannot directly modify code or critical repository settings, this privilege elevation can be used to disrupt collaboration and facilitate further compromise of the development environment.

Severity

Severity: Informational
Condition: GitHub organization moderators changed

Investigation and Remediation

Review GitHub audit logs to verify whether this action was authorized and identify the user account responsible for the addition. If unauthorized, immediately remove the user from the moderators list, revoke any potentially compromised credentials, and conduct a comprehensive audit of recent moderator actions to identify any malicious activity or policy violations.
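
One way to carry out the audit log review described above, as an added example (not AlphaSOC's or GitHub's own code). It assumes a JSON-lines audit log export in which moderator additions carry the action name `organization_moderators.add_user` and the fields `@timestamp`, `actor`, `user` and `org`; the sample events, account names and the `approved_actors` allowlist are constructed.

```python
import json
from datetime import datetime, timezone

# Assumption: audit log action name for a user added to organization moderators.
# Confirm it against your own audit log export before relying on it.
ADD_ACTION = "organization_moderators.add_user"

# Constructed sample of an audit log JSON export, one event per line.
SAMPLE_LOG = """\
{"@timestamp": 1714550400000, "action": "organization_moderators.add_user", "actor": "alice-admin", "user": "bob", "org": "example-org"}
{"@timestamp": 1714554000000, "action": "organization_moderators.add_user", "actor": "ci-bot", "user": "mallory", "org": "example-org"}
{"@timestamp": 1714554600000, "action": "org.block_user", "actor": "mallory", "user": "carol", "org": "example-org"}
{"@timestamp": 1714555200000, "action": "repo.create", "actor": "bob", "org": "example-org"}
{"@timestamp": 1714550000000, "action": "repo.create", "actor": "mallory", "org": "example-org"}
"""

def parse_events(text):
    """Parse a JSON-lines export, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def triage(events, approved_actors):
    """Return one finding per moderator addition made by a non-approved actor.

    Each finding names the responsible account and lists what the newly added
    moderator did afterwards, which is the activity to audit.
    """
    events = sorted(events, key=lambda e: e["@timestamp"])
    findings = []
    for ev in events:
        if ev.get("action") != ADD_ACTION or ev.get("actor") in approved_actors:
            continue
        added, ts = ev.get("user"), ev["@timestamp"]
        # Only actions after the grant count as moderator-era activity.
        followup = [e["action"] for e in events
                    if e.get("actor") == added and e["@timestamp"] > ts]
        findings.append({
            "when": datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat(),
            "org": ev.get("org"),
            "actor": ev.get("actor"),
            "added_moderator": added,
            "followup_actions": followup,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_LOG), approved_actors={"alice-admin"}):
        print(json.dumps(finding))
```
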