GitHub organization transferred to another Enterprise account
Description
AlphaSOC detected a transfer of a GitHub organization between enterprise accounts. This activity changes the ownership and control of an organization's repositories, users, and settings to a different enterprise account.
Impact
Transfers of GitHub organizations between enterprise accounts can indicate compromised accounts or insider threats attempting to gain control of source code and intellectual property. Adversaries may transfer organizations to enterprise accounts they control to exfiltrate code, secrets, and configuration data.
Severity
| Severity | Condition |
|---|---|
Medium | GitHub organization transferred to another Enterprise account |
Investigation and Remediation
Review GitHub audit logs to identify the user who initiated the transfer and to verify whether the transfer received proper business authorization. If unauthorized, contact GitHub support promptly to request reversal of the transfer. After addressing the immediate issue, conduct a review of organization membership and access permissions. Rotate all organization secrets and deployment keys as a precaution. To prevent future incidents, enable organization transfer restrictions and establish documented procedures for authorized transfers.