AI Cybersecurity Threats: The Ghost Account Reconnaissance Campaign
GitHub keeps being a goldmine for attackers, and honestly, it's not hard to see why. The platform sits dead center in the software supply chain, handing threat actors everything they've been chasing for years: source code, secrets, and automated pipelines they can run wild inside. Datadog Security researchers have now documented what they're calling a sustained pattern of abuse that's been running for months — and the technique is almost uncomfortably clever.
The campaign doesn't blast through firewalls or exploit zero-days. It just quietly maps entire organizations using GitHub's own public APIs, riding on dormant ghost accounts that look like perfectly normal developer profiles. Each individual request is unremarkable. Together, over weeks, they paint a detailed picture of who works where, what code they're building, and how the whole operation hangs together. Then — sometimes — it escalates to full cloning.
The problem isn't that GitHub is broken. It's that the abuse blends so seamlessly into normal API traffic that most teams never notice until it's too late.
How the Reconnaissance Actually Works
Here's where it gets interesting. A large share of GitHub's API surface is reachable without any authentication at all — public by design, which means it's also open to anyone with a script and some patience. Requests against these APIs return standard HTTP 200 responses, so there's nothing flashy about the traffic.
What attackers are doing is building detailed maps of organizations: their public repositories, their members, who follows whom, which repos have been starred, and what projects people are interacting with. The traffic looks identical to legitimate developer activity. Normal REST endpoints handle the org-mapping, while the bulk of the heavy lifting goes through the GraphQL endpoint — which is well suited for running bulk queries across enterprises, users, and repositories all at once.
GitHub compounds the problem by only collecting geolocation data when a user interacts with private repositories. When someone's poking around public resources, the platform records nothing about their location. That limits geolocation and VPN or proxy-based attribution to almost nothing.
The accounts doing the work are what Datadog calls "ghost accounts" — profiles created anywhere from two to five years ago and left completely dormant. An account with a multi-year history reads as far more legitimate than one registered the same week it starts scraping. The researchers identified more than 50 of these accounts, clustered into families with names like user432023, user412023, and kobalt*. Each campaign runs a burst of just one to three weeks across many enterprises simultaneously, then goes quiet.
The Tools and the Tactics
The attackers aren't using off-the-shelf tools. They've built custom data exfiltration agents with names designed to blend into normal analytics traffic: GitHub-Company-Scraper, GitHub-Scraper-Tool/1.0, and GitHubAnalytics/1.5. The user agents are crafted to look like legitimate data analysis requests, which makes them nearly invisible against the background noise of real developer activity.
But it's not just ghost accounts doing the work. Datadog senior security engineer Julie Agnes Sparks noted that the activity represents a blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner accounts. Some campaigns have used the legitimate accounts of GitHub users who inadvertently posted their OAuth tokens or personal access tokens, or whose endpoints were compromised in other ways.
The focus of these campaigns is narrow and consistent, Sparks said. The concern lies in the aggregate. In isolation, requests target public repositories without authentication and return successful responses — rarely producing meaningful access into an enterprise's actual code. But when you see a group of accounts moving in sync across shared targets, using versioned custom tooling over weeks, that's systematic behavior. The researchers cited one event where dozens of distinct but compromised GitHub accounts made API requests to a single organization within minutes. The attack ultimately failed because they targeted private repository commit paths, but the coordination alone was alarming.
Why Enterprises Are Especially Vulnerable
David Shipley of Beauceron Security put it plainly: many development lifecycles are just insecure by default. Threat actors are typically after API keys and cloud secrets, and with everyone being pushed to do more with AI agents coding, the treasure trove of secrets is likely even bigger now.
Scott Miserendino, CTO at DataBee, agreed. GitHub is the most popular source code repository for both open-source and enterprise projects. Its sheer volume of projects, along with being home to some of the most popular and widely used software, makes it an obvious target. Intellectual property theft — like unauthorized cloning of private repositories — can be used to gain access to proprietary software or find vulnerabilities that can later be exploited in production.
A second popular attack vector involves searching for repositories containing default credentials to popular software. Once found, attackers can develop and test assaults against accounts that are present in production environments or installed by default on certain appliances. The combination of exposed secrets and automated scraping creates a feedback loop that's hard to break.
What Enterprises Can Actually Do About It
Sparks pointed out that these behaviors can be hunted for and detected if you're watching the right fields — things like user agent strings, token types, autonomous system numbers (ASN), and attempted actions. User agents, event activity, and actor names are vital clues to unauthorized activity in your environment.
She suggested reviewing unusual user agent behavior across GitHub audit logs, particularly for those that extend to private repositories where the platform also captures the IP address, actor name, and programmatic access type. Enterprises should enable GitHub audit log streaming, baseline their normal user agents, and perform proactive threat hunting. Most importantly, she emphasized developing detections unique to your own GitHub organization — knowing what normal looks like in your specific environment is the single most effective defense.
Miserendino kept it simpler: follow security best practices. Enable multi-factor authentication on all accounts. Perform periodic user access reviews and remove any unused or unneeded accounts. Scan repositories for credentials stored in plaintext rather than in a proper secret store. It's basic stuff, but most teams don't do it consistently enough.
The ghost account campaign is a reminder that the hardest threats aren't always the loudest ones. Sometimes they're just quiet, patient, and running on APIs you never thought to monitor.