A global operation called EMERALDWHALE has targeted misconfigured Git configurations, resulting in the theft of over 15,000 cloud service credentials. According to the Sysdig Threat Research Team (TRT), attackers used a blend of private tools to exploit misconfigured web services, gaining unauthorized access to cloud credentials, cloning private repositories and extracting sensitive information.

Source: Infosecurity