GitHub repository archived

ID: github_repository_archived
Data type: GitHub
Severity: Informational
MITRE ATT&CK: TA0040:T1489

Description

AlphaSOC detected that a GitHub repository was archived. This action marks a repository as read-only, preventing any further commits, issues, or pull requests. While archiving is often a legitimate administrative action, in some cases, threat actors could archive repositories after exfiltrating source code or sensitive data to prevent legitimate users from making changes while maintaining access to the repository's contents.

Impact

Unauthorized archiving of a repository could indicate that adversaries have gained privileged access to your GitHub organization. This may result in disruption of development workflows, potential data exfiltration, and temporary loss of active version control capabilities for affected projects.

Severity

| Severity | Condition |
| --- | --- |
| Informational | GitHub repository archived |

Investigation and Remediation

Review GitHub audit logs to identify who performed the archive action and from which IP address, then verify if this was an authorized change. If unauthorized, revoke the compromised user's access tokens, unarchive the repository if needed, and audit all recent repository activities for signs of data exfiltration or other suspicious actions. Consider implementing additional access controls for repository management actions.
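One way to carry out the audit-log review described above, as an added example (not AlphaSOC's or GitHub's code). It assumes an audit log export in JSON-lines form with the fields `action`, `actor`, `actor_ip`, `repo` and `@timestamp` (epoch milliseconds); the sample events, the approved-actor list and the trusted network are constructed.

```python
import ipaddress
import json

# Constructed sample (JSON lines). Field names are assumed to match GitHub's audit log export.
SAMPLE_LOG = """\
{"@timestamp": 1700000000000, "action": "git.clone", "actor": "dev-alice", "actor_ip": "203.0.113.50", "repo": "example-org/payments"}
{"@timestamp": 1700000600000, "action": "repo.archived", "actor": "dev-alice", "actor_ip": "203.0.113.50", "repo": "example-org/payments"}
{"@timestamp": 1700000700000, "action": "repo.archived", "actor": "admin-bob", "actor_ip": "198.51.100.7", "repo": "example-org/legacy-tool"}
truncated-line-not-json
"""

def triage_archive_events(log_text, approved_actors, trusted_networks, lookback_ms=24 * 3600 * 1000):
    """Return a finding for each repo.archived event, with the reasons it needs review."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate damaged lines instead of aborting the triage
        if isinstance(ev, dict) and "action" in ev:
            events.append(ev)
    findings = []
    for ev in events:
        if ev["action"] != "repo.archived":
            continue
        reasons = []
        if ev.get("actor") not in approved_actors:
            reasons.append("actor not on approved admin list")
        try:
            addr = ipaddress.ip_address(ev.get("actor_ip", ""))
            if not any(addr in net for net in nets):
                reasons.append("source IP outside trusted networks")
        except ValueError:
            reasons.append("source IP missing or unparseable")
        ts = ev.get("@timestamp", 0)
        # Same actor's earlier activity on the same repo, to review for exfiltration.
        prior = [e["action"] for e in events
                 if e.get("actor") == ev.get("actor") and e.get("repo") == ev.get("repo")
                 and ts - lookback_ms <= e.get("@timestamp", 0) < ts]
        findings.append({"repo": ev.get("repo"), "actor": ev.get("actor"),
                         "actor_ip": ev.get("actor_ip"), "reasons": reasons,
                         "prior_actions": prior})
    return findings

if __name__ == "__main__":
    for finding in triage_archive_events(SAMPLE_LOG, {"admin-bob"}, ["198.51.100.0/24"]):
        print(finding)
```

A finding with an empty `reasons` list still warrants confirmation against a change record, since an approved account on a trusted network can itself be compromised.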