Hacking attempt against Ubuntu source code to install a backdoor

IT systems audit experts report a hacking attack against a GitHub account belonging to Canonical Ltd, the company behind Ubuntu, the popular Linux distribution, allegedly carried out with the intention of installing a backdoor.

“Last July 6, the access credentials to one of the GitHub accounts owned by Canonical were compromised; those responsible for this incident used the credentials to create repositories on the developer platform, among other potentially malicious activities,” reads a statement from the GitHub security team.

As a security measure, Canonical deleted the compromised GitHub account and began an internal investigation to determine the actual scope of the attack. According to IT systems audit experts, there is so far no evidence that any Canonical source code or other development assets were compromised.

The Ubuntu security team has also committed to releasing regular updates on the incident and a full report once the investigation is closed. The company has further committed to commissioning external audits and implementing any other security measures found necessary.

Sources close to the company claim that the attackers created eleven new repositories in Canonical’s official account, although these repositories were found to be completely empty. A few days before the incident, a firm of IT systems audit experts detected signs of preparatory activity, such as Internet-wide scans looking for exposed Git configuration files (the `.git/config` file a web server will happily serve if a repository’s `.git/` directory sits inside the document root). These files often contain login credentials for GitHub accounts, because a username and password or access token embedded in a remote URL is stored there in plain text, and the accounts used by Canonical staff would be a natural target for such a scan.
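The two sides of the scanning activity described above, as an added example that is not part of the original article and not code from Canonical or GitHub: first, detection logic run over a few constructed web-server access-log lines (assumed to be in the common Apache/nginx combined format) to flag probes for the `.git/` tree, distinguishing a probe that was merely attempted from one the server actually answered with 200; second, a check of a constructed `.git/config` for credentials embedded in a remote URL. All addresses, timestamps, repository names and the token-like string are made up for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (Apache/nginx "combined" format).
# The addresses and timestamps are fictitious; only the shape is realistic.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jul/2019:10:12:01 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "python-requests/2.21.0"
203.0.113.5 - - [03/Jul/2019:10:12:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.21.0"
198.51.100.9 - - [03/Jul/2019:10:15:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Jul/2019:10:15:41 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

# Parses the fields we need from a combined-format line; anything else is skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Any request path that enters a .git directory, at the root or in a subdirectory.
GIT_PATH_RE = re.compile(r'(^|/)\.git(/|$)')


def find_git_probes(log_text):
    """Return (ip, path, status) for every request that touched a .git/ tree."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and GIT_PATH_RE.search(m['path']):
            hits.append((m['ip'], m['path'], int(m['status'])))
    return hits


def exposed_git_files(log_text):
    """Paths under .git/ that the server actually served (status 200).

    A 404 is evidence of scanning; a 200 means repository metadata, and any
    credentials stored in it, have already left the server and should be
    treated as compromised."""
    return sorted({path for _, path, status in find_git_probes(log_text) if status == 200})


# Constructed .git/config: the "origin" remote carries a username and a
# token-like password in its URL (fake value), the "mirror" remote uses SSH.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-bot:ghp_EXAMPLETOKEN0000@github.com/example-org/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:example-org/example-repo.git
"""


def find_embedded_credentials(config_text):
    """Return (remote, username, has_password) for each HTTP(S) remote whose
    URL embeds userinfo. SSH remotes (scp-like syntax) have no scheme and are
    not flagged: they authenticate with a key, not with anything in this file."""
    leaks = []
    remote = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            m = re.match(r'\[remote "([^"]+)"\]', line)
            remote = m.group(1) if m else None
            continue
        if remote and line.startswith('url') and '=' in line:
            url = line.split('=', 1)[1].strip()
            parts = urlsplit(url)
            if parts.scheme in ('http', 'https') and parts.username:
                leaks.append((remote, parts.username, parts.password is not None))
    return leaks


if __name__ == '__main__':
    for hit in find_git_probes(SAMPLE_LOG):
        print('probe:', hit)
    print('served:', exposed_git_files(SAMPLE_LOG))
    print('credentials in config:', find_embedded_credentials(SAMPLE_CONFIG))
```

On the server side the fix is to refuse every request into `.git/` (for nginx a `location ~ /\.git { deny all; }` block, for Apache a `RedirectMatch 404 /\.git` rule) and, better, never to deploy by cloning into the document root. On the repository side, a remote URL should never carry a password or token; use SSH keys or a credential helper, and if this check does find one, revoke the token rather than merely editing it out, since the file may already have been read.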

Unfortunately, this is not the first security incident at Canonical. On earlier occasions, threat actors extracted sensitive information belonging to up to two million users of the official Ubuntu forum; after the third such incident, the company decided to close the forum.

Finally, experts from the International Institute of Cyber Security (IICS) reported a malicious Ubuntu package containing cryptocurrency-mining malware that was hosted on the distribution’s official store for months.