Threat Intelligence4 min read
Attackers Weaponize 50+ Dormant GitHub Accounts to Map Corporate Repos
Datadog Security Labs exposes coordinated campaigns using aged 'ghost' accounts to enumerate organizations via GitHub API. Some attackers escalated from reconnaissance to cloning private repositories.
Alex KowalskiJul 10, 2026