Skip to main content

GitHub organization transferred to another Enterprise account

ID:github_organization_transferred
Data type:GitHub
Severity:
Medium
MITRE ATT&CK:TA0010:T1537

Description

AlphaSOC detected a transfer of a GitHub organization between enterprise accounts. This activity changes the ownership and control of an organization's repositories, users, and settings to a different enterprise account.

Impact

Transfers of GitHub organizations between enterprise accounts can indicate compromised accounts or insider threats attempting to gain control of source code and intellectual property. Adversaries may transfer organizations to enterprise accounts they control to exfiltrate code, secrets, and configuration data.

Severity

SeverityCondition
Medium
GitHub organization transferred to another Enterprise account

Investigation and Remediation

Review GitHub audit logs to identify the user who initiated the transfer and to verify whether the transfer received proper business authorization. If unauthorized, contact GitHub support promptly to request reversal of the transfer. After addressing the immediate issue, conduct a review of organization membership and access permissions. Rotate all organization secrets and deployment keys as a precaution. To prevent future incidents, enable organization transfer restrictions and establish documented procedures for authorized transfers.