
GitHub used as covert malware command and control channel

April 4, 2026 · Cyber_OSINT, The Cyber Security Hub™

Multiple posts describe campaigns using GitHub repositories as C2 infrastructure, including DPRK-linked activity leveraging private repos to evade detection and maintain persistence.

FortiGuard notes DPRK-linked campaigns that use LNK files and GitHub-based C2 to evade detection, exfiltrate system data, and maintain persistence through scheduled tasks, with C2 run from private GitHub repositories.
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
c2, malware analysis, github, malicious software
