Attackers Ramp Up Efforts Targeting Developer Secrets www.darkreading.com/threat-in…

Cybercriminals and sophisticated threat actors have stepped up their search for development files inadvertently pushed to application servers, hoping to gain access to the passwords and source code of deployed applications.

In April, unknown attackers launched widespread scans from major cloud providers in Singapore and the United States, targeting environment (env) and Git configuration files that developers may mistakenly have pushed to servers, according to telemetry collected by threat-tracking firm GreyNoise Intelligence. While such scanning is typically constant and low-volume, the company detected four significant spikes over the past six months, each involving at least 2,900 unique IP addresses.

The April spike was the biggest yet, however, involving nearly 4,800 IP addresses, says Bob Rudis, vice president of data science for GreyNoise Intelligence.