GitHub confirmed today that it was breached by an attacker who stole thousands of internal repositories.
TeamPCP, a financially motivated threat actor that has relentlessly targeted the open source ecosystem, yesterday published a post to a prominent Dark Web data breach forum announcing that it would sell internal source code and organization data stolen from GitHub. The haul totaled “~4,000 repos of private code,” according to the advertisement, and was offered to a single interested buyer.
“As always this is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free,” the post read.
However, GitHub today partially confirmed the advertisement’s claims in a series of posts on the official company account on X. According to the Microsoft-owned company, GitHub yesterday detected and contained the compromise of an employee device through a poisoned VS Code extension. GitHub said it removed the malicious extension version, isolated the endpoint, and began incident response.
“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” the series of posts read. “We moved quickly to reduce risk. Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first. We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants. We will publish a fuller report once the investigation is complete.”
TeamPCP has become a force to be reckoned with for developers in recent months. Security experts have pinned the Shai-Hulud self-replicating worm attacks that began last year on TeamPCP, and the group has also targeted organizations with credential attacks, among other activity. Most recently, TeamPCP published the source code of Shai-Hulud to GitHub in an effort to spread the worm even further.
GitHub Breach Begs: What Happened?
The idea that TeamPCP would hit GitHub through a poisoned version of a Visual Studio Code (VS Code) extension (or perhaps a typosquatted one) is well within the threat actor’s capabilities: many of its recent campaigns have used exactly this kind of supply chain lure.
It is notable that the Microsoft-owned GitHub was compromised through a VS Code extension a year after GitHub committed itself to open source software security and two years after Microsoft committed itself to improved security practices. VS Code is a Microsoft editor, but the extensions that run inside it are not necessarily Microsoft’s, and the poisoned extension need not have been. So while breach victims deserve a bit of grace, the threat to the open source ecosystem has been well established for months.
Roy Akerman, head of cloud and identity security for vendor Silverfort, tells Dark Reading that this attack happened because the trust model around developer tooling is “fundamentally broken.”
“A VS Code extension runs with the same privileges as the editor itself, and once installed it has access to everything the developer can reach,” he says. “There’s no meaningful verification before that code executes. What makes this breach remarkable isn’t the entry point, it’s that TeamPCP used GitHub’s own infrastructure as the weapon end to end. They leveraged compromised developer tooling and trusted release workflows to distribute malicious code, including the poisoned VS Code extension that reached a GitHub employee’s machine.”
Kayne McGladrey, senior member of the Institute of Electrical and Electronics Engineers (IEEE), echoed the concern about VS Code extensions running with full trust, “which means that they get access to the developer’s filesystem, credentials, cloud keys, SSH keys, and environment variables.”
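The two comments above make the same technical point: extension code runs with the editor’s privileges and reaches whatever the developer’s account can reach, and nothing verifies it before it executes. One practical response is an inventory-and-audit pass over the extensions installed on endpoints. The script below is an added example, not code from the article, GitHub, Silverfort, or IEEE. It assumes the standard on-disk layout, in which each installed extension is a directory under ~/.vscode/extensions containing a package.json with publisher, name, version, activationEvents and main (the sample extensions it scans are constructed in a temporary directory, and the allowlist of pinned versions is a hypothetical organization policy).

```python
"""Audit installed VS Code extensions for traits worth a closer look.

Added example (not from the article or any vendor). Assumes the standard
layout: one directory per extension, each with a package.json manifest.
"""
import json
import re
import tempfile
from pathlib import Path

# Patterns in an extension's entry-point JavaScript that warrant review:
# process spawning, dynamic code loading, packed payloads, and reaching for
# the credential material the article's sources describe.
SUSPICIOUS_JS = [
    (r"\bchild_process\b", "spawns processes"),
    (r"\beval\s*\(", "dynamic eval"),
    (r"new\s+Function\s*\(", "dynamic Function()"),
    (r"Buffer\.from\([^)]*['\"]base64['\"]", "base64-decoded payload"),
    (r"\.ssh\b|id_rsa|id_ed25519", "touches SSH key paths"),
    (r"process\.env\b", "reads environment variables"),
]


def audit_extension(ext_dir: Path, allowlist: dict) -> dict:
    """Return findings for one extension directory.

    allowlist maps "publisher.name" -> pinned version (hypothetical policy).
    """
    manifest = json.loads((ext_dir / "package.json").read_text())
    ident = f"{manifest.get('publisher', '?')}.{manifest.get('name', '?')}"
    version = manifest.get("version", "?")
    findings = []

    # "*" or onStartupFinished means the code runs on every editor start,
    # with no user action needed to trigger it.
    events = manifest.get("activationEvents", [])
    if "*" in events or "onStartupFinished" in events:
        findings.append("activates on every editor start")

    # Not on the allowlist, or a version nobody approved: the "poisoned
    # version" case, where a trusted extension ships a bad update.
    pinned = allowlist.get(ident)
    if pinned is None:
        findings.append("not on allowlist")
    elif pinned != version:
        findings.append(f"version {version} differs from pinned {pinned}")

    # Static scan of the entry point the editor will actually load.
    main = manifest.get("main")
    if main:
        entry = ext_dir / main
        if entry.exists():
            src = entry.read_text(errors="ignore")
            for pattern, label in SUSPICIOUS_JS:
                if re.search(pattern, src):
                    findings.append(label)
        else:
            findings.append("declared entry point missing")

    return {"id": ident, "version": version, "findings": findings}


def audit_all(extensions_root: Path, allowlist: dict) -> list:
    """Audit every extension directory under extensions_root, sorted by name."""
    return [audit_extension(d, allowlist) for d in sorted(extensions_root.iterdir())
            if (d / "package.json").is_file()]


def build_sample_root() -> Path:
    """Constructed sample data, not real extensions: one benign extension and
    one showing the traits an audit should flag."""
    root = Path(tempfile.mkdtemp())
    benign = root / "acme.linter-1.2.0"
    (benign / "out").mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "publisher": "acme", "name": "linter", "version": "1.2.0",
        "activationEvents": ["onLanguage:python"], "main": "./out/extension.js"}))
    (benign / "out" / "extension.js").write_text(
        "exports.activate = function (ctx) { /* lint on demand */ };\n")

    bad = root / "acme.helper-3.4.1"
    (bad / "dist").mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "publisher": "acme", "name": "helper", "version": "3.4.1",
        "activationEvents": ["*"], "main": "./dist/main.js"}))
    (bad / "dist" / "main.js").write_text(
        "const cp = require('child_process');\n"
        "const os = require('os');\n"
        "const key = os.homedir() + '/.ssh/id_ed25519';\n"
        "const payload = Buffer.from('ZWNobyBoaQ==', 'base64').toString();\n"
        "exports.activate = () => cp.exec(payload, {env: process.env});\n")
    return root


ALLOWLIST = {"acme.linter": "1.2.0", "acme.helper": "3.4.0"}  # hypothetical pins

if __name__ == "__main__":
    for report in audit_all(build_sample_root(), ALLOWLIST):
        print(report)
```

The grep-style scan is deliberately the weakest control here; a minimally obfuscated payload defeats it. The findings that matter on a fleet are the first two: an extension activating on every start that is absent from the allowlist, or a version that drifted from the pinned one because the editor auto-updated it. Pinning versions and disabling auto-update closes the gap through which a poisoned release of an otherwise trusted extension arrives.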
Dark Reading contacted GitHub for additional comment.