GitHub is investigating unauthorized access to thousands of its internal code repositories after a hacking group compromised an employee’s device through a poisoned software extension. The Microsoft-owned platform confirmed the breach after the attackers moved first, advertising stolen source code on a cybercrime forum before GitHub had made any public statement.
The group behind it is TeamPCP, a cybercriminal gang that has been running a sustained campaign of supply chain attacks since March, working its way through developer tooling with enough consistency to suggest a deliberate strategy rather than opportunistic targeting.
How the Breach Happened
The entry point was a malicious VS Code extension installed on an employee’s device. From there, the attackers accessed internal repositories, with the group later claiming to have taken around 3,800 of them. GitHub said that figure was “directionally consistent” with its own assessment of the breach’s scope, which is an unusually candid acknowledgment from a company still actively investigating.
The company said the breach was detected and contained, and that the compromised material was limited to internal repositories. No customer data was involved. Critical credentials were rotated the same day the breach was detected, with the most sensitive secrets handled first.
What the attackers did next followed a pattern that has become familiar in extortion-adjacent breaches. They offered to sell the stolen code on a cybercrime forum for $50,000, with a threat to release it for free if no buyer came forward. It is a pressure tactic designed to force a response, whether that response is a ransom payment, a rushed public statement, or reputational damage from the leak itself.
TeamPCP and the Broader Supply Chain Campaign
GitHub is the latest but not the first. TeamPCP has spent the past several months specifically targeting developer tools, with confirmed victims including TanStack, Trivy, and LiteLLM. The European Commission has also appeared among the downstream casualties of the group’s activity, which points to the reach that supply chain positioning gives attackers who focus on infrastructure that developers trust and use constantly.
The pattern is worth paying attention to. Rather than attacking end targets directly, TeamPCP has been systematically compromising the tools that developers use to build and maintain software. A malicious extension in a developer’s environment is not just a threat to that one person’s machine. Depending on what that developer has access to and what the extension can reach, it becomes a potential entry point into every system that the developer touches.
VS Code extensions are a particularly effective vector for this kind of attack. The extension marketplace is large, the review process has limitations, and developers routinely install extensions from a wide range of publishers without the same scrutiny they might apply to other software. A convincing name, a reasonable description, and a handful of reviews are often enough to clear the informal bar most people apply before installing.
What GitHub’s Response Reveals
The speed of the credential rotation suggests GitHub had an incident response process that activated quickly once the breach was detected. Prioritizing the most sensitive secrets first is standard practice in breach response, but doing it the same day as detection implies the detection itself was reasonably timely rather than delayed by days or weeks.
The more uncomfortable detail is that the attacker’s public advertisement of the stolen data preceded GitHub’s own disclosure. That sequence, where a threat actor announces a breach before the victim does, has become more common as criminal groups have realized that going public first shifts negotiating leverage and generates pressure regardless of whether a ransom is paid.
GitHub hosting code for more than 100 million developers worldwide means that even a breach limited to internal repositories carries weight beyond what the technical scope might suggest. The signal it sends about the security of the platform’s own development environment matters independently of whether any customer was directly affected.
The Wider Lesson for Developer Security
Supply chain attacks targeting developer tooling have been climbing in frequency and sophistication for several years, but the pace of TeamPCP’s campaign since March represents a concentration of activity in a short window that is harder to dismiss as background noise. Trivy is a container security scanner. LiteLLM is an infrastructure used in AI application development. TanStack is embedded in frontend development workflows across thousands of projects. These are not obscure targets.
The common thread is trust. Developers extend significant implicit trust to the tools in their daily environment, which makes those tools valuable targets for groups willing to invest in compromising them. A developer who would never click a suspicious email attachment might install a VS Code extension with minimal scrutiny because extensions feel like a different category of risk.
They are not. And TeamPCP’s campaign is a sustained demonstration of exactly that point.
Research and Intelligence Sources: GitHub, Microsoft, Recorded Future News
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
