A contractor working for the Cybersecurity and Infrastructure Security Agency exposed highly privileged AWS GovCloud credentials in a public GitHub repository until this past weekend. The leaked repository contained access keys to multiple AWS GovCloud accounts alongside detailed internal documentation about CISA's software development, testing, and deployment processes.

Security researchers characterized the exposure as one of the most severe government data leaks in recent years. The public archive included files that mapped CISA's internal systems and revealed how the agency builds and deploys software. An attacker with access to these credentials could have gained control over critical infrastructure systems that CISA oversees and protects.

AWS GovCloud is a restricted cloud environment designed specifically for U.S. government agencies and contractors handling sensitive workloads. GovCloud credentials are a high-value target because they bypass standard commercial AWS security boundaries and provide entry into systems supporting national cybersecurity operations.

The leak highlights a recurring vulnerability in software development practices. Contractors and government employees regularly commit credentials, API keys, and configuration files to version control systems. GitHub itself operates automated scanners that detect exposed secrets, but the repository remained public long enough for the credentials to be catalogued and potentially harvested by adversaries.
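The kind of check a pre-commit secret scanner performs, as an added example (not code from the article, CISA, or GitHub): it scans only the added lines of a staged diff for AWS access key IDs and secret access keys. The sample diff is constructed and uses the placeholder key pair from AWS's own documentation; the path `deploy/env.sh` is hypothetical.

```python
import re
import subprocess
import sys

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) prefix + 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-character value is flagged only when assigned to a "secret ... key" name.
SECRET = re.compile(
    r"secret[_-]?(?:access[_-]?)?key\W{1,6}([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])", re.I)
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
RULES = [("aws-access-key-id", KEY_ID, 0), ("aws-secret-access-key", SECRET, 1)]

# Constructed sample: a staged change that adds a key pair to a deploy script.
SAMPLE_DIFF = """\
--- a/deploy/env.sh
+++ b/deploy/env.sh
@@ -3,2 +3,4 @@
 export AWS_DEFAULT_REGION=us-gov-west-1
-export STAGE=dev
+export STAGE=prod
+export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

def scan_diff(diff_text):
    """Return (path, line_no, rule, redacted_match) for secrets on added lines."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):              # new-file header
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):            # hunk header gives the new-side line number
            line_no = int(m.group(1))
        elif line.startswith("+"):               # added line: the only kind we flag
            for rule, rx, grp in RULES:
                for hit in rx.finditer(line):
                    s = hit.group(grp)           # never echo the full secret
                    findings.append((path, line_no, rule, s[:4] + "*" * (len(s) - 4)))
            line_no += 1
        elif line.startswith(" "):               # context line advances the new-side counter
            line_no += 1
    return findings

def main():
    # As a pre-commit hook: scan only what is staged for this commit.
    diff = subprocess.run(["git", "diff", "--cached", "-U0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, rule, shown in findings:
        print(f"{path}:{line_no}: {rule}: {shown}", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Installed as `.git/hooks/pre-commit`, a non-zero exit aborts the commit. A key that was already pushed remains in repository history and still has to be revoked.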

CISA discovered the exposure and the credentials were revoked. The agency has not publicly disclosed whether unauthorized access occurred during the window the repository remained public. The incident underscores operational security gaps within federal cybersecurity agencies themselves.

Remediation involved invalidating all exposed AWS access keys and auditing logs for suspicious activity. However, the documentation detailing CISA's internal architecture and development workflows remains a persistent counterintelligence concern. Adversaries now possess detailed knowledge of how a primary U.S. government cybersecurity agency designs and deploys defensive systems.

This incident carries direct implications for contractors handling government work. Organizations must implement pre-commit scanning to prevent credential