GitHub team changed
Description
AlphaSOC detected that a GitHub team was modified. This activity involves changes to team memberships, permissions, or other team-related settings within a GitHub organization.
Impact
Threat actors may modify team settings to grant themselves elevated privileges, add attacker-controlled accounts, or alter access controls to repositories, enabling unauthorized access to source code and sensitive data.
Severity
| Severity | Condition |
|---|---|
| Informational | GitHub team changed |
Investigation and Remediation
Review the GitHub audit log to identify who made the team changes and examine the specific modifications made, including any new members added or permissions granted. Verify whether these changes were authorized. If unauthorized, immediately revert the modifications, remove any suspicious users, rotate affected credentials, and conduct a thorough security audit of the organization to identify any other potential compromises.
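The audit log review described above can be scripted. The following is an added example, not AlphaSOC's or GitHub's own code. It assumes an audit log exported as one JSON object per line with `@timestamp`, `action`, `actor`, `team`, `user` and `repo` fields. The sample events, the set of access-granting actions, and the approved-actor list are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Audit-log actions that grant or widen access (assumed subset of GitHub's "team" category).
GRANTING = {"team.add_member", "team.promote_maintainer",
            "team.add_repository", "team.update_repository_permission"}

# Constructed sample in the shape of a GitHub audit log JSON export (not real data).
SAMPLE_LOG = """
{"@timestamp": 1717236000000, "action": "team.add_member", "actor": "alice-admin", "org": "example-org", "team": "example-org/platform", "user": "bob"}
{"@timestamp": 1717239600000, "action": "repo.create", "actor": "bob", "org": "example-org", "repo": "example-org/tools"}
{"@timestamp": 1717243200000, "action": "team.add_member", "actor": "carol", "org": "example-org", "team": "example-org/release-admins", "user": "ext-contractor-7"}
{"@timestamp": 1717243260000, "action": "team.update_repository_permission", "actor": "carol", "org": "example-org", "team": "example-org/release-admins", "repo": "example-org/payments"}
{"@timestamp": 1717246800000, "action": "team.remove_member", "actor": "alice-admin", "org": "example-org", "team": "example-org/platform", "user": "dave"}
"""

def triage_team_events(lines, authorized_actors):
    """Return team.* events in time order, recording who changed what."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        action = ev.get("action", "")
        if not action.startswith("team."):
            continue  # only team changes are in scope for this detection
        ts = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
        findings.append({
            "time": ts.isoformat(),
            "actor": ev.get("actor"),
            "action": action,
            "team": ev.get("team"),
            "target": ev.get("user") or ev.get("repo"),
            "grants_access": action in GRANTING,
            "needs_review": ev.get("actor") not in authorized_actors,
        })
    return sorted(findings, key=lambda f: f["time"])

def revert_candidates(findings):
    """Access-granting changes made by actors outside the approved list."""
    return [f for f in findings if f["grants_access"] and f["needs_review"]]

if __name__ == "__main__":
    for f in revert_candidates(triage_team_events(SAMPLE_LOG, {"alice-admin"})):
        print(f["time"], f["actor"], f["action"], f["team"], "->", f["target"])
```

The entries returned by `revert_candidates` are the changes to verify first; whether each one was authorized still has to be confirmed with the team owner.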