GitHub user added to an organization
Description
AlphaSOC detected that a user was added to a GitHub organization. This action grants the new member access to the organization's repositories, projects, and other resources.
Impact
Unauthorized addition of users to a GitHub organization can provide adversaries with persistent access to source code, intellectual property, and configurations depending on their permissions. This access enables threat actors to exfiltrate sensitive information, inject malicious code into repositories, or further exploit the environment.
Severity
| Severity | Condition |
|---|---|
Informational | GitHub user was added to an organization |
Investigation and Remediation
Review GitHub audit logs to verify whether this action was authorized and identify the user account responsible for the addition. If unauthorized, remove the user from the organization, rotate any potentially compromised accounts, and audit the environment, especially member permissions, to prevent future unauthorized additions.