Cyber Incident Victim: GitHub

Date: Mar 2015

Location: China

Summary

GitHub experienced its largest distributed denial-of-service attack, specifically targeting two anti-censorship projects—GreatFire and a Chinese-language New York Times mirror—hosted on its platform. The attack originated from China through malicious JavaScript injected into Baidu search engine traffic, directing millions of user browsers to overwhelm the targeted repositories with requests. The platform implemented multiple mitigation measures as the attack evolved, successfully reducing its impact after sustained efforts. While Baidu denied any security compromise or involvement, the incident's focus on censorship-circumvention tools suggests the perpetrator aimed to pressure content removal related to bypassing Chinese internet restrictions.

Description

On March 26, 2015, GitHub, the world’s largest public code repository, began experiencing a sustained distributed denial-of-service (DDoS) attack described as the largest and most complex in its history. The attack specifically targeted two GitHub-hosted projects: GreatFire, an anti-censorship tool, and cn-nytimes, a Chinese-language mirror of The New York Times. Initial analysis indicated the attack originated from China, leveraging JavaScript injection through traffic to Baidu, China’s dominant search engine. This malicious script forced users’ browsers to repeatedly request the two GitHub project URLs whenever they visited Baidu, creating massive unintended traffic volumes due to Baidu’s scale. GitHub’s status page documented intermittent service degradation characterized by increased latency and reduced availability throughout March 26-28 as the attack persisted.

GitHub implemented multiple mitigation measures that temporarily reduced the attack’s effectiveness, though the assault continuously evolved to bypass defenses, requiring ongoing emergency response efforts. The company characterized the attack as aiming to force the removal of content enabling censorship circumvention in China, though no specific threat actor was formally identified. Baidu publicly denied complicity, asserting its systems showed no signs of compromise. Despite partial mitigation success, GitHub maintained an all-hands response posture throughout the incident due to the attack’s adaptive nature. Service graphs indicated residual operational impacts during the multi-day event, though GitHub ultimately contained the majority of the disruption. The incident highlighted the vulnerability of platforms hosting politically sensitive tools to state-aligned DDoS campaigns exploiting compromised internet infrastructure.
