Show in Graph
Common Information
Type Value
Value 
Code Repositories - T1213.003
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that store source code and automate software builds. They may be hosted internally or privately on third party sites such as Github, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git. Once adversaries gain access to a victim network or a private code repository, they may collect sensitive information such as proprietary source code or credentials contained within software's source code. Having access to software's source code may allow adversaries to develop [Exploits](https://attack.mitre.org/techniques/T1587/004), while credentials may provide access to additional resources using [Valid Accounts](https://attack.mitre.org/techniques/T1078).(Citation: Wired Uber Breach)(Citation: Krebs Adobe) **Note:** This is distinct from [Code Repositories](https://attack.mitre.org/techniques/T1593/003), which focuses on conducting [Reconnaissance](https://attack.mitre.org/tactics/TA0043) via public code repositories.
Details Published Attributes CTI Title
Details Website 2024-09-19 13 Sink or Swim: Tackling 2024's Record-Breaking Vulnerability Wave
Details Website 2024-09-17 1 GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
Details Website 2024-09-16 0 Introducing VEX Hub: Essential New Repository Unifying VEX Statements!
Details Website 2024-09-16 1 Code Security
Details Website 2024-09-14 8 OPA — Policy-As-Code Agents Introduction
Details Website 2024-09-12 0 Wiz Code: Experience True ASPM With Code-to-Cloud Context | Wiz Blog
Details Website 2024-09-12 1 WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
Details Website 2024-09-12 1 WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers - RedPacket Security
Details Website 2024-09-11 0 How I Discovered a Google Maps API Key on Tesla's Website (But It Was Already Reported)
Details Website 2024-09-11 1 Large-Scale Data Exfiltration: Exploiting Secrets in .env Files to Compromise Cloud Accounts
Details Website 2024-09-11 0 The Daily Tech Digest: 11 September 2024
Details Website 2024-09-11 1 WordPress.org to require 2FA for plugin developers by October
Details Website 2024-09-11 1 WordPress.org to require two-factor authentication for plugin developers 
Details Website 2024-09-10 1 Introducing Wiz Code: Transform Your AppSec with Wiz | Wiz Blog
Details Website 2024-09-10 5 Proofpoint and CyberArk Expand Strategic Partnership to Comprehensively Secure Identities in Hybrid and Multi-Cloud Environments | Proofpoint US
Details Website 2024-09-10 56 Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
Details Website 2024-09-09 37 Reputational Hijacking With JamPlus: A Maneuver To Bypass Smart App Control (SAC) - Cyble
Details Website 2024-09-08 1 Exploiting CI / CD Pipelines for fun and profit - Razz Security Blog
Details Website 2024-09-06 1 NSFOCUS Introduces Digital Risk Protection Service to Bolster Cyber Defenses - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Details Website 2024-09-05 0 PyPI Revival Hijack Puts Thousands of Applications at Risk
Details Website 2024-09-05 0 Essential Mobile Security: A Guide to Penetration Testing Methodology
Details Website 2024-09-04 0 You have one minute to save your leaked AWS credentials
Details Website 2024-09-04 0 Stopping last year’s data spill becoming today’s headlines - Cybersecurity Insiders
Details Website 2024-09-04 1 FBI Warns that North Korean Hackers Attacking Crypto Employees
Details Website 2024-09-04 0 North Korean Hackers Target Crypto Companies with Sophisticated Social Engineering Schemes, FBI Warns - CloudSEK News