T1078

Valid Accounts

discovered 2026-06-03

Initial access via takeover of a trusted GitHub contributor account with an established history of legitimate contributions to InjectiveLabs/injective-ts (not a sockpuppet). Attacker first pushed a test-backdoor-check branch to validate access.

View on MITRE ATT&CK

Seen in packages

Campaigns