林纳斯·托瓦兹的GitHub账户被黑了吗?
一个来自 Retro-007 账户的可疑 GitHub 仓库(https://github.com/Retro-007)出现了一个奇怪的类似 Shai-Hulud 的描述,符合我们在“第二次降临”攻击中看到的奇异随机仓库模式。更奇怪的是,该仓库中有一条由 Linus Torvalds 提交的记录(https://github.com/Retro-007/shopbook/commit/99c9ba5e78437ffeea99355439d6d04d470a8eda),乍一看似乎他的账户被黑客入侵了。
这种模式可以在其他数十个仓库中看到,它们的描述是“F*K Guillermo, F*K VERCEL --multi”。
但实际上,这条提交记录是伪造的 Git 元数据,这是一种已知的技巧,攻击者可以在没有真实账户访问权限的情况下伪造任何 GitHub 用户,这也是 Shai-Hulud 攻击背后的生态系统弱点。
我在过去一周内写过关于这些奇怪遭遇的开始,详细内容可以在这里找到:https://sitezwin.com/posts/2025-11-29-sha-hulud-the-second-coming-encouter。
查看原文
A shady GitHub repo from this account Retro-007 (https://github.com/Retro-007) appeared with a bizarre Shai-Hulud-like description, matching the odd random-repo pattern we saw during the “Second Coming” attack. Even weirder, the repo has a commit by Linus Torvalds (https://github.com/Retro-007/shopbook/commit/99c9ba5e78437ffeea99355439d6d04d470a8eda) that looks at a glance like his account was hacked.<p>This pattern can be seen in dozens of other repos with the description "F*K Guillermo, F*K VERCEL --multi"<p>But, in fact, the commit is forged Git metadata, a known trick where an attacker can fake any GitHub user without having access to the real one, the same ecosystem weakness behind the Shai-Hulud attacks.<p>I've written about the start of these weird encounters in the past week till now on this in https://sitezwin.com/posts/2025-11-29-sha-hulud-the-second-coming-encouter