Is China responsible for Massive DDoS Attack against GitHub?

Pierluigi Paganini March 28, 2015

The Chinese Government is suspected of being behind the large-scale distributed denial of service (DDoS) attack that hit the popular GitHub website.

The popular coding website GitHub suffered a large-scale distributed denial of service (DDoS) attack that lasted more than 24 hours, starting on Thursday night.

The attack relied on redirecting users who were connecting to many other websites on the Internet. The attackers injected malicious JavaScript code into the pages of those websites, and that code hijacked their visitors and directed them to GitHub.

A researcher analyzed the JavaScript code used in the attack, and it resembles a code sample available on Pastebin.

Visitors to several websites used as DDoS gunners noticed that those websites were serving advertisements and tracking code from the Chinese search engine Baidu. The code used by the attackers instructs the browsers of visitors to those websites to connect to GitHub.com every two seconds. The technique allowed the attackers to generate “an extremely large amount of traffic,” according to researcher Anthr@x from Insight-labs.

The attackers chose the Baidu search engine because of its impressive number of visitors, who were recruited with this technique into the attack, resulting in a massive flood of traffic to the GitHub website.

At the time of writing, Baidu has denied any responsibility for the redirection mechanism exploited for the DDoS attacks:

“We’ve notified other security organizations,” states the company in an official statement, “and are working together to get to the bottom of this.”


GitHub confirmed that the distributed denial-of-service attacks caused irregular outages of the service.

Experts speculate that the attackers are linked to the Chinese Government, which used the browsers of unaware users to hit a website not “aligned” with the Government of Beijing.

“What is happening here is pretty clear now: A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections that went into China, replaced some javascript files from Baidu with malicious ones that would load

["https://github.com/greatfire/", "https://github.com/cn-nytimes/"]

every two seconds.

“In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech.” reported the post on insight-labs.


The attackers used this DDoS variant to hit two popular GitHub projects, GreatFire and CN-NYTimes, two anti-censorship tools used to circumvent the censorship operated by China through the Great Firewall of China.

Below are descriptions of the two development groups active on the GitHub platform.

  • GreatFire – A well-known group on Github that fights against Chinese government censorship of the Internet.
  • CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China.
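A defender-side sketch of how the traffic pattern described above could be picked out of web server logs. This is an added example, not code from the article or from GitHub; the log record layout, the sample records, the thresholds and the assumption that the injected requests carry the Referer of the third-party page are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev
from urllib.parse import urlparse

# The two repository paths the article names as targets.
TARGET_PATHS = ("/greatfire/", "/cn-nytimes/")

def _at(seconds):
    """Constructed timestamp: an offset from an arbitrary start time."""
    return (datetime(2015, 3, 27, 2, 0, 0) + timedelta(seconds=seconds)).isoformat()

# Constructed access-log records: (timestamp, client IP, path, Referer).
SAMPLE_LOG = (
    # Browser running the injected script: both paths about every 2 s,
    # Referer is the third-party page that embedded the script.
    [(_at(2 * i + 0.1 * (i % 2)), "198.51.100.7", path, "http://news.example/story.html")
     for i in range(6) for path in TARGET_PATHS]
    # Ordinary visitor browsing inside github.com.
    + [(_at(s), "203.0.113.9", "/greatfire/", "https://github.com/") for s in (1, 40, 95)]
    # Reader arriving from a blog link and reloading at irregular intervals.
    + [(_at(s), "192.0.2.44", "/cn-nytimes/", "http://blog.example/post")
       for s in (0, 1, 9, 11, 30, 31)]
)

def find_periodic_clients(records, period=2.0, tolerance=0.5, min_hits=5):
    """Map each client to the target paths it requests cross-site at a
    steady interval of about `period` seconds."""
    per_flow = defaultdict(list)
    for ts, client, path, referer in records:
        ref_host = urlparse(referer).hostname
        # Only requests to a target path triggered from a page on another site.
        if path in TARGET_PATHS and ref_host and ref_host != "github.com":
            per_flow[(client, path)].append(datetime.fromisoformat(ts))
    flagged = {}
    for (client, path), times in per_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Steady cadence: mean gap near the period and little spread.
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            flagged.setdefault(client, set()).add(path)
    return flagged

if __name__ == "__main__":
    print(find_periodic_clients(SAMPLE_LOG))
```

Grouping by client and path matters because the script loads both URLs in each cycle; measuring gaps across the two paths together would hide the two-second cadence.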

GitHub has informed users that the company has deployed new defenses to protect the website, and that the attackers are responding by adapting their tactics, as reported on its Status Message Board.

4:46 UTC: The ongoing DDoS attack has adjusted tactics again. We are continuing to adapt and mitigate it.
2:30 UTC: The ongoing DDoS attack has shifted to include Pages and assets. We are updating our defenses to match.

“Restoring service for all users while deflecting attack traffic is our number one priority. We’ve deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing,” a message posted by GitHub at 15:04 UTC says.

“We’ve been under continuous DDoS attack for 24+ hours. The attack is evolving, and we’re all hands on deck mitigating.”

Pierluigi Paganini

(Security Affairs –  DDoS,  GitHub)
