Who is TeamPCP, the rising hacker group targeting open-source software and AI tools?

May 26, 2026

Code hosting platform GitHub disclosed that it suffered a data breach last week as part of a software supply chain attack carried out by hackers.

The attack was traced back to a GitHub developer who had installed a ‘poisoned’ extension for VS Code, the commonly used code editor that, like GitHub, is owned by Microsoft. In its statement confirming the data breach, GitHub said at least 3,800 internal repositories had been compromised by the hackers. However, the affected repositories only contained GitHub’s own code, and customers’ data was not affected.

The hackers behind the GitHub breach are widely believed to be TeamPCP, an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of open-source tools are corrupted and victims extorted for profit.

“We’re here today to advertise GitHub’s source code and internal orgs for sale. Everything for the main platform is there and I’m very happy to send samples to buyers to verify absolute authenticity,” TeamPCP wrote on BreachForums, a forum and marketplace for cybercriminals, following the breach.

The GitHub breach is the latest in a string of software supply chain attacks allegedly linked to the rising hacker group, raising questions about how to use open-source software safely. Here’s everything you need to know about TeamPCP.

Who is TeamPCP?

TeamPCP emerged in late 2025, when it exploited cloud misconfigurations and a vulnerability in the web app development tool Next.js to deploy a botnet for attacks like credential theft and cryptocurrency mining. The group of hackers relied heavily on worms to capture static credentials and authentication tokens to bore deeper into victims’ systems.

TeamPCP’s page on the dark web links to ‘business contacts’, which could potentially be used to carry out ransom negotiations. The webpage features Matrix-style cascading ones and zeros, along with the words ‘TEAMPCP: The Cats Hijacking Your Supply Chains’ with a reggae fusion soundtrack in the background, according to a report by Wired.


The group’s attacks appear to be financially motivated, as it typically targets victims by deploying ransomware or carrying out data extortion campaigns. It has also expressed willingness to sell victims’ data to any buyer.

“This isn’t a ransom. We don’t care about extorting GitHub, 1 buyer and we shred the data on our end […] It looks like our retirement is soon so if no buyer is found we will leak it free,” TeamPCP reportedly wrote in its BreachForums post about the GitHub breach.

TeamPCP is believed to have transitioned to a ransomware-as-a-service model in April this year by establishing partnerships with widely known cybercriminal platforms such as BreachForums and DragonForce.

What is TeamPCP’s modus operandi?

Simply put, a software supply chain attack is when hackers corrupt a legitimate piece of software to hide their own malicious code. It threatens to turn any innocent application into a dangerous foothold in a victim’s network, thereby sowing a new level of distrust across the ecosystem.


TeamPCP reportedly relies on a cyclical exploitation of software developers. First, the hackers gain access to a network where an open-source tool commonly used by coders is being developed. They then plant malware in the open-source tool, which is used to compromise other software developers’ machines, including those of developers creating other software tools for coders.

The malware allows TeamPCP to steal credentials which, in turn, let them publish malicious versions of those software development tools. The breached network grows as the cycle repeats. TeamPCP’s hackers have also reportedly automated many of their software supply chain attacks with a self-spreading worm known as ‘Mini Shai-Hulud’, seemingly a reference to the popular sci-fi novel and movie series, Dune.

Encrypted credentials in GitHub repositories created by the worm reportedly carry the phrase: ‘A Mini Shai-Hulud Has Appeared’. In September 2025, a similar supply chain attack involving self-spreading malware reportedly carried the same phrase.

Who has been targeted by TeamPCP?

Over the past few months, TeamPCP has carried out 20 waves of supply chain attacks that have hidden malware in more than 500 distinct pieces of software, according to cybersecurity firm Socket. With these tainted pieces of code, TeamPCP has targeted and breached hundreds of companies that installed the software, according to Ben Read, the head of strategic threat intelligence at cloud security firm Wiz.


Before GitHub, TeamPCP is said to have been behind attacks targeting OpenAI and data contracting firm Mercor. The hackers are said to have embedded an infostealer in the open-source security scanner Trivy and then used stolen credentials from this attack to compromise certain versions of the AI application programming interface (API) tool called LiteLLM, which is hosted on the popular Python software repository PyPI.

Web application security firm Checkmarx, web app library TanStack, and enterprise AI platform Mistral are just a few other companies that have been targeted by TeamPCP in supply chain attacks. It was also reportedly behind the recent data breach affecting the European Commission’s public website.

How can organisations protect themselves?

Experts believe that organisations can protect themselves from TeamPCP’s supply chain attacks to a certain degree by keeping up security “hygiene” practices that carefully manage authentication tokens and impose access restrictions wherever possible.

It is also recommended to change or rotate tokens even if you are not using the packages that have been compromised. Other potential safeguards include age-gating updates to open-source tools. Security updates should be vetted before they are installed, rather than immediately updating to code that has been newly published and may be malicious.
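The age-gating safeguard described above can be sketched as follows. This is an added example, not code from the article or from any tool it names; the release records, the seven-day default window and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed release metadata for a hypothetical package (not real registry data).
RELEASES = [
    {"version": "2.3.0", "uploaded": "2026-05-01T10:00:00+00:00", "yanked": False},
    {"version": "2.3.1", "uploaded": "2026-05-12T09:30:00+00:00", "yanked": True},
    {"version": "2.4.0", "uploaded": "2026-05-20T08:00:00+00:00", "yanked": False},
    {"version": "2.4.1", "uploaded": "2026-05-25T22:15:00+00:00", "yanked": False},
    {"version": "2.4.2", "uploaded": "not-a-date", "yanked": False},
]

def version_key(version):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def upload_time(release):
    """Parse the upload time; return None if missing, malformed or lacking a timezone."""
    try:
        stamp = datetime.fromisoformat(release["uploaded"])
    except (KeyError, TypeError, ValueError):
        return None
    return stamp if stamp.tzinfo is not None else None

def eligible_update(releases, installed, now, min_age_days=7):
    """Pick the newest release that is at least min_age_days old.

    Returns (chosen, held_back): chosen is None when nothing newer has aged
    enough; held_back lists newer releases still inside the cooldown window
    or with an unusable timestamp (fail closed). Yanked releases are ignored.
    """
    cutoff = now - timedelta(days=min_age_days)
    chosen, held_back = None, []
    for rel in sorted(releases, key=lambda r: version_key(r["version"])):
        if version_key(rel["version"]) <= version_key(installed) or rel.get("yanked"):
            continue
        stamp = upload_time(rel)
        if stamp is not None and stamp <= cutoff:
            chosen = rel["version"]
        else:
            held_back.append(rel["version"])
    return chosen, held_back

if __name__ == "__main__":
    now = datetime(2026, 5, 26, 12, 0, tzinfo=timezone.utc)
    print(eligible_update(RELEASES, "2.3.0", now))                  # 7-day gate
    print(eligible_update(RELEASES, "2.3.0", now, min_age_days=3))  # 3-day gate
```

Releases in the held-back list are the ones to vet manually before the window expires; a release with an unreadable timestamp never ages out on its own.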


