Hacker News

moh_quz, last Sunday at 10:34 AM

Really appreciate the transparency here. Post-mortems like this are vital for the industry.

I'm curious: was the exfiltration traffic distinguishable from normal developer traffic?

We've been looking into stricter egress filtering for our dev environments, but it's always a battle between security and breaking npm install.


Replies

robinhoodexe, last Sunday at 2:27 PM

Wouldn’t the IP allowlist feature on the GitHub organisation work wonders for this kind of attack?
