Hacked GitHub via tainted VS Code extension

Summary
– GitHub confirmed a breach of its internal repositories after TeamPCP claimed access, with approximately 3,800 repos exfiltrated.
– The breach occurred when a GitHub employee installed a malicious Visual Studio Code extension, which was removed immediately after detection.
– GitHub is prioritizing credential rotation and log analysis, with no evidence yet that customer data outside internal repos was impacted.
– Security researcher Charlie Eriksen noted that VS Code extensions have full machine access, and a separate extension, Nx Console, was briefly backdoored the day before the GitHub breach.
– TeamPCP, a cybercrime group specializing in supply chain attacks, is selling the stolen repository data and plans to leak it if no buyer emerges.

Following TeamPCP’s public assertion that they had infiltrated GitHub’s private code repositories, the Microsoft-owned platform initiated an investigation and has now verified the security incident.
“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub stated.
The company initially noted there was no evidence that customer data stored outside GitHub’s internal repositories had been compromised. However, as the probe remains active, that assessment could evolve.
GitHub’s investigation traced the intrusion to a compromised Visual Studio (VS) Code extension installed by one of its employees. The extension had been poisoned, granting attackers access to internal repositories.
“We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” the company shared. “Critical secrets were rotated yesterday and overnight with the highest-impact credentials prioritized first. We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.”
Charlie Eriksen, a security researcher at Aikido Security, highlighted the inherent risk of VS Code extensions, noting they possess full access to a developer’s machine, including credentials, cloud keys, and SSH keys.
“The day before the GitHub breach was disclosed, a completely separate extension called Nx Console, 2.2 million installs, was also briefly backdoored. The community caught that one in 11 minutes, which sounds fast until you realise how many machines auto-update in that window,” he told Help Net Security. “GitHub still hasn’t named the extension used in their breach, and blocking something malicious always depends on it being identified first.”
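The risk described in the two paragraphs above, that an extension runs with the developer's full access and that auto-update can pull a backdoored version onto many machines before anyone has identified it, is one a team can at least make visible on its own endpoints. The following Python script is an added example, not code from the article, from GitHub or from Help Net Security: it reads the inventory VS Code keeps in extensions.json and the user's settings.json, reports installed extensions that are not on an explicit, version-pinned allowlist, flags version drift, and notes whether the extensions.autoUpdate setting is still at its default. The default file paths, the assumed layout of extensions.json (an array of entries carrying identifier.id and version) and every sample extension id are assumptions or constructed values for the demonstration, not anything taken from the article.

```python
"""Audit locally installed VS Code extensions against a version-pinned allowlist.

Added example, not from the article or from GitHub/Help Net Security.
Assumptions: extensions.json is a JSON array of entries with "identifier": {"id": ...}
and "version"; settings.json is JSON with comments (JSONC) using flat dotted keys;
the Linux paths below are the defaults and can be overridden.
"""
import json
import re
from pathlib import Path

# Assumed Linux locations; Windows/macOS differ, so pass explicit paths there.
DEFAULT_EXTENSIONS_JSON = Path.home() / ".vscode" / "extensions" / "extensions.json"
DEFAULT_SETTINGS_JSON = Path.home() / ".config" / "Code" / "User" / "settings.json"


def load_jsonc(text: str):
    """Parse JSON-with-comments (// and /* */ comments, trailing commas)."""
    # Match string literals first so comment markers inside strings survive.
    no_comments = re.sub(
        r'("(?:\\.|[^"\\])*")|//[^\n]*|/\*.*?\*/',
        lambda m: m.group(1) or "",
        text,
        flags=re.S,
    )
    no_trailing = re.sub(r",\s*([}\]])", r"\1", no_comments)
    return json.loads(no_trailing)


def installed_extensions(extensions_json_text: str) -> dict:
    """Map lower-cased extension id -> installed version from extensions.json."""
    result = {}
    for entry in json.loads(extensions_json_text):
        ext_id = entry.get("identifier", {}).get("id")
        if ext_id:
            result[ext_id.lower()] = entry.get("version", "?")
    return result


def audit(extensions_json_text: str, settings_json_text: str, allowlist: dict) -> dict:
    """Compare the installed set with an allowlist of {extension_id: pinned_version}."""
    installed = installed_extensions(extensions_json_text)
    pinned = {k.lower(): v for k, v in allowlist.items()}
    settings = load_jsonc(settings_json_text) if settings_json_text.strip() else {}
    # VS Code treats a missing extensions.autoUpdate key as enabled (true).
    auto_update = settings.get("extensions.autoUpdate", True)
    return {
        # Installed but never reviewed/pinned: the case the article warns about.
        "not_allowlisted": sorted(i for i in installed if i not in pinned),
        # Pinned extensions whose installed version no longer matches the pin.
        "version_drift": {
            i: (pinned[i], installed[i])
            for i in installed if i in pinned and installed[i] != pinned[i]
        },
        "missing": sorted(i for i in pinned if i not in installed),
        "auto_update_enabled": auto_update is True,
        "auto_update_setting": auto_update,
    }


# Constructed sample inputs (all extension ids are made up for this example).
SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "example.linter"}, "version": "1.2.0"},
    {"identifier": {"id": "example.formatter"}, "version": "10.4.0"},
    {"identifier": {"id": "example.unreviewed-helper"}, "version": "0.0.3"},
])
SAMPLE_SETTINGS_JSON = """{
  // constructed settings.json: auto-update left at its default
  "editor.fontSize": 14,
}"""
SAMPLE_SETTINGS_HARDENED = '{ "extensions.autoUpdate": false }'
SAMPLE_ALLOWLIST = {"example.linter": "1.2.0", "example.formatter": "10.1.0"}


def main(extensions_path: Path = DEFAULT_EXTENSIONS_JSON,
         settings_path: Path = DEFAULT_SETTINGS_JSON,
         allowlist: dict = SAMPLE_ALLOWLIST) -> dict:
    """Audit the real files when present, otherwise the constructed samples."""
    ext_text = extensions_path.read_text() if extensions_path.exists() else SAMPLE_EXTENSIONS_JSON
    set_text = settings_path.read_text() if settings_path.exists() else SAMPLE_SETTINGS_JSON
    report = audit(ext_text, set_text, allowlist)
    for key, value in report.items():
        print(f"{key}: {value}")
    return report


if __name__ == "__main__":
    main()
```

Run on a developer workstation it prints the unreviewed extensions, any drift from the pinned versions and the auto-update state; in practice the allowlist would come from the team's configuration management rather than a constant in the script, and the report would feed whatever inventory tooling the security team already runs.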
TeamPCP, also tracked as UNC6780, is a cybercrime group specializing in supply chain attacks that target open-source security tools and AI middleware. Their prior victims include Aqua’s Trivy security scanner, Checkmarx’s KICS, the LiteLLM library, the Telnyx SDK, TanStack, and MistralAI, along with packages dependent on those.
The group has executed some of these breaches using Mini Shai-Hulud, a customized self-replicating worm first documented in 2025. This worm automates supply chain attacks by stealing CI/CD credentials and using them to publish infected versions of additional packages.
TeamPCP is now reportedly selling the stolen GitHub repository contents and has threatened to leak the data if no buyer emerges.
(Source: Help Net Security)