Summary: GreyNoise observed a significant spike in crawling activity targeting Git configuration files on April 20-21, 2025, with nearly 4,800 unique malicious IP addresses involved. The activity poses serious risks as exposed Git files may lead to revealing internal codebases and sensitive credentials, particularly with Singapore identified as a major source and destination of this reconnaissance traffic. To mitigate this risk, it is crucial that organizations secure their Git configuration files and monitor for unauthorized access attempts.
Affected: Organizations utilizing Git repositories
Keypoints :
- Massive rise in reconnaissance activity, with significant engagement from malicious IPs.
- Singapore emerged as the major hub for both sourcing and receiving such crawling traffic.
- Security recommendations include restricting .git directory access and monitoring server logs for suspicious requests.
Source: https://www.greynoise.io/blog/spike-git-configuration-crawling-risk-codebase-exposure