Code repository Github mitigated a distributed denial-of-service attack, restoring services this morning around 9 a.m. Eastern time.
According to a Github status log, connectivity problems began today around 5:30 a.m. with Github declaring it was under a DDoS attack an hour later.
A request for comment from Github was not returned in time for publication. Threatpost will update this article as more details become available. It’s unknown from where the attacks originated and whether they’re related to massive days-long DDoS attack carried out earlier this year.
The March attack against Github was linked to servers based in China and lasted close to a week. Rather than attackers using particular attack tools, the March DDoS attack involved the use of malicious JavaScript to hijack traffic from victims around the world that was redirected to Github.
That incident had similar characteristics to another attack against anticensorship website GreatFire.org carried out by the Chinese government, experts said. GreatFire.org is a source of anticensorship tools and monitors censored sites and keywords inside China.
“Millions of global internet users, visiting thousands of websites hosted inside and outside China, were randomly receiving malicious code which was used to launch cyberattacks against GreatFire.org’s websites. Baidu’s Analytics code (h.js) was one of the files replaced by malicious code which triggered the attacks. Baidu Analytics, akin to Google Analytics, is used by thousands of websites. Any visitor to any website using Baidu Analytics or other Baidu resources would have been exposed to the malicious code,” the Great Fire analysis said.
Github systems engineer Jesse Newland said the March attack was the largest in its history, and the attackers’ motivation was to convince Github to remove a “specific class of content.”
It’s unknown how big today’s attack was, nor the attackers’ motivations.
