GitHub user added to an organization

ID: github_user_added_to_org
Data type: GitHub
Severity: Informational
MITRE ATT&CK: TA0003:T1098

Description

AlphaSOC detected that a user was added to a GitHub organization. This action grants the new member access to the organization's repositories, projects, and other resources.

Impact

Unauthorized addition of users to a GitHub organization can provide adversaries with persistent access to source code, intellectual property, and configurations depending on their permissions. This access enables threat actors to exfiltrate sensitive information, inject malicious code into repositories, or further exploit the environment.

Severity

Severity: Informational
Condition: GitHub user was added to an organization

Investigation and Remediation

Review GitHub audit logs to verify whether this action was authorized and identify the user account responsible for the addition. If unauthorized, remove the user from the organization, rotate any potentially compromised accounts, and audit the environment, especially member permissions, to prevent future unauthorized additions.
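
The audit log review described above can be scripted. The following is an added example, not AlphaSOC's or GitHub's own code. It assumes a JSON-lines audit log export in which member additions appear as `org.add_member` events with `actor`, `user`, `org` and `@timestamp` (milliseconds) fields. The sample events and the `APPROVED_ADMINS` and `EXPECTED_MEMBERS` lists are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a JSON-lines audit log export (not real data).
SAMPLE_EXPORT = """\
{"@timestamp": 1717401600000, "action": "org.add_member", "actor": "alice-admin", "user": "new-hire-1", "org": "example-org"}
{"@timestamp": 1717405200000, "action": "repo.create", "actor": "bob-dev", "repo": "example-org/tools", "org": "example-org"}
{"@timestamp": 1717408800000, "action": "org.add_member", "actor": "bob-dev", "user": "unknown-acct", "org": "example-org"}
not-json-line
{"@timestamp": 1717412400000, "action": "org.add_member", "actor": "alice-admin", "user": "contractor-7", "org": "example-org"}
"""

# Assumed local inputs: who may add members, and which additions were requested.
APPROVED_ADMINS = {"alice-admin"}
EXPECTED_MEMBERS = {"new-hire-1"}

def triage_member_additions(export_text, approved_admins, expected_members):
    """Return one finding per org.add_member event, with the reasons it needs review."""
    findings = []
    for line_no, line in enumerate(export_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Record unparseable lines instead of silently dropping them.
            findings.append({"line": line_no, "status": "unparseable", "reasons": ["invalid JSON"]})
            continue
        if not isinstance(event, dict) or event.get("action") != "org.add_member":
            continue
        actor, user = event.get("actor"), event.get("user")
        reasons = []
        if actor not in approved_admins:
            reasons.append("actor is not an approved admin")
        if user not in expected_members:
            reasons.append("added user has no matching access request")
        ts = event.get("@timestamp")
        when = (datetime.fromtimestamp(ts / 1000, tz=timezone.utc).isoformat()
                if isinstance(ts, (int, float)) else None)
        findings.append({"line": line_no, "time": when, "org": event.get("org"),
                         "actor": actor, "user": user,
                         "status": "review" if reasons else "authorized", "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage_member_additions(SAMPLE_EXPORT, APPROVED_ADMINS, EXPECTED_MEMBERS):
        print(finding)
```

Findings with status `review` identify the actor to follow up with and the member whose permissions should be audited first.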