Skip to main content

GitHub user invited to a repository

ID:github_user_added_to_repository
Data type:GitHub
Severity:
Informational
MITRE ATT&CK:TA0003:T1098

Description

AlphaSOC detected that a user was invited to a GitHub repository. This action may indicate adversarial attempt to establish persistence within the organization's development environment.

Impact

Unauthorized access to the repository could allow adversaries to inject malicious code, exfiltrate sensitive information, or perform other malicious activities within the organization's environment.

Severity

SeverityCondition
Informational
GitHub user was invited to a repository

Investigation and Remediation

Review GitHub audit logs to verify whether this action was authorized and identify the user account responsible for the invitation. If unauthorized, remove the user from the repository, rotate any potentially compromised accounts, and conduct a thorough audit of the environment for other signs of compromise.