A cluster of coordinated and overlapping campaigns that have been running for several months is abusing GitHub’s API and leveraging dozens of “ghost” accounts that have been dormant for years to map organizations and their developers.
Many of the operations are using the API to scrape public information; some have gone further, including cloning private repositories, c...