TL;DRGitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned platform says no customer data was affected, but the breach highlights the growing threat of supply chain attacks targeting developer tools.
It is an unsettling irony when the world’s largest code-hosting platform becomes the victim of its own ecosystem. GitHub confirmed on Tuesday that a threat actor exfiltrated approximately 3,800 internal repositories after compromising an employee’s device through a poisoned Visual Studio Code extension, marking one of the most significant breaches the Microsoft-owned company has ever disclosed.
Github X post
The cybercrime group TeamPCP, also tracked as UNC6780, claimed credit for the attack on the Breached hacking forum, where it offered the stolen data, which it described as proprietary source code and internal organisation files, for at least $50,000. The group said it would leak the material if no buyer materialised.
The 💜 of EU techThe latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!GitHub’s investigation found that the breach began when an employee downloaded a malicious extension from the official VS Code Marketplace. That single installation was enough to give the attacker access to the employee’s device and, from there, to thousands of the company’s private repositories. GitHub said the attacker’s claim of roughly 3,800 repositories was “directionally consistent” with its own findings.
