T1078
Valid Accounts
discovered 2026-06-03Initial access via takeover of a trusted GitHub contributor account with an established history of legitimate contributions to InjectiveLabs/injective-ts (not a sockpuppet). Attacker first pushed a test-backdoor-check branch to validate access.