Hackers claim theft of source code from AI giant Dynatrace


A hacker claims to have stolen internal Dynatrace GitHub repositories, potentially exposing source code and the company's cloud infrastructure.

On a notorious hacker forum, a threat actor is advertising the sale of internal Dynatrace GitHub data. The dataset is said to total 8.46GB and contain 246 repositories.

Dynatrace is a US-based company providing AI-based performance monitoring services. The company's revenue last year spiked to $2 billion, and many high-profile companies are among its clients, including Deutsche Telekom, Accenture, Coca-Cola, United Airlines, Virgin Money, and others.


In their post, the alleged attackers claim the data was obtained through a developer's compromised Personal Access Token (PAT).

According to the post, the stolen information includes infrastructure topology data, CI/CD configurations, Kubernetes management details, Terraform modules, ArgoCD deployment information, cloud account references, and internal deployment credentials.

If authentic, the dataset could provide attackers with valuable insight into Dynatrace's internal development and cloud environments.

Source code and employee information in the data samples

Cybernews researchers have reviewed the data samples published by the threat actor. Among them were two screenshots allegedly showing Dynatrace employee information, including:

  • Full names
  • Usernames
  • Corporate email addresses that are likely used for internal systems access

The actor also published a sample repository. According to our researchers, the repository appears to contain source code for Dynatrace Scorecards, an application used on the company's platform.


"Comparing the sample to the threat actor's claims, the nature of this exfiltrated data looks legitimate in my eyes," one of the researchers said.

However, the team cautioned that the available evidence is insufficient to verify the seller's claims about the total number of repositories or the reported dataset size of 8.46GB.

While the threat actor claims the dataset includes deployment credentials and cloud environment references, those specific claims could not be independently verified from the published samples.

Cybernews has reached out to Dynatrace for comment. We will update this article once we receive a response.


Source code exposure could create long-term security risks

Even without customer data, source code repositories can be highly valuable to cybercriminals, as they may reveal how systems are configured, how applications are deployed, and what security controls are in place.

This helps attackers identify vulnerabilities more effectively, especially those that would otherwise remain hidden from public view.

Our researchers warn that if the data from the stolen repositories is legitimate, it could be used to conduct targeted attacks against Dynatrace, potentially putting its customers at risk as well.

"This data in question could be broadly used to discover vulnerabilities in the company infrastructure, which could lead to more targeted and successful cyberattacks," they noted.


Attackers increasingly targeting source code repositories

GitHub repositories have become a frequent target for threat actors because they often contain a concentration of valuable corporate information in a single location.

At the end of May, GitHub confirmed that attackers gained unauthorized access to its internal repositories after an employee's device was compromised through a poisoned Visual Studio Code extension.

Confirmation came after the threat actor group TeamPCP claimed to be selling the stolen source code on a prominent hacker forum.

