GitHub was compromised through a malicious VS Code extension, resulting in the theft of 3,800 repositories.
**TL;DR:** GitHub has confirmed that the cybercrime group TeamPCP exfiltrated around 3,800 internal code repositories after breaching an employee’s device via a compromised VS Code extension. The Microsoft-owned platform stated that no customer data was impacted, but this incident underscores the rising threat of supply chain attacks aimed at developer tools.
It is unsettling when the largest code-hosting platform falls victim to its own ecosystem. GitHub announced on Tuesday that a threat actor accessed around 3,800 internal repositories after infiltrating an employee’s device through a malicious Visual Studio Code extension, marking one of the most significant breaches disclosed by the Microsoft-owned company.
The cybercrime group TeamPCP, also known as UNC6780, took responsibility for the attack on the Breached hacking forum. They offered the stolen data—described as proprietary source code and internal organization files—for a minimum of $50,000, threatening to leak it if no buyer was found.
GitHub’s investigation revealed that the breach originated when an employee downloaded a harmful extension from the official VS Code Marketplace. This single installation provided the attacker access to the employee’s device and, subsequently, to thousands of the company’s private repositories. GitHub noted that the attacker’s claim of approximately 3,800 repositories was “directionally consistent” with its findings.
After detecting the breach, GitHub acted swiftly to isolate the compromised device, remove the malicious extension, and rotate key credentials within hours. The company emphasized that the incident only involved the exfiltration of internal repositories and found no evidence of impact on customer data, enterprise accounts, or user-hosted repositories.
Nevertheless, the incident serves as a stark reminder of how supply chain attacks targeting developer tools can penetrate even the most security-conscious organizations. TeamPCP has a notable track record in this arena, having previously compromised Aqua Security’s Trivy vulnerability scanner, leading to the theft of 92 GB of data from the European Commission’s AWS infrastructure. The group has also targeted Checkmarx’s KICS, the LiteLLM AI gateway library, the Telnyx SDK, TanStack, and packages related to MistralAI.
The VS Code Marketplace has emerged as an increasingly attractive vector for supply chain attacks. Unlike packages from traditional registries such as npm or PyPI, browser and editor extensions often run with broad access to the host system by default, making them appealing to attackers seeking a foothold from which to move further into an organization. GitHub has not disclosed the specific extension involved in this breach, and it remains unclear whether it was a newly published malicious extension or a legitimate tool that was compromised.
The timing of this breach is significant. It coincides with a broader wave of software supply chain compromises affecting organizations across various sectors. The ShinyHunters gang, known to have collaborated with TeamPCP before, has recently released stolen European Commission data. OpenAI was also targeted through a compromised TanStack package. Furthermore, researchers have identified numerous malicious npm packages in a campaign called Mini Shai-Hulud, linked to the same threat group.
For GitHub, which supports over 100 million developers and serves as essential infrastructure for the global software industry, this breach raises difficult questions regarding the security of the tools that developers rely on. If a platform founded on code review and version control can be breached via a rogue extension, the implications for organizations with weaker security measures are concerning.
GitHub reported that its investigation is still ongoing, having engaged external forensics support to assess the full extent of the data accessed. The company communicated about the incident on X, reiterating that customer data was unaffected.
Meanwhile, TeamPCP shows no signs of slowing down. From EU institutions to AI infrastructure and core open-source development tools, the group has displayed a consistent strategy: compromise the tools organizations depend on, rendering perimeter security irrelevant.
