GitHub Investigates 4,000‑Repo Leak After Threat Actor Sale Attempt

On Tuesday, GitHub disclosed that it detected a compromise involving an employee device that had been infected with a poisoned Microsoft Visual Studio Code extension. The extension allowed attackers to exfiltrate internal source code, which TeamPCP later advertised for sale with a minimum price of $50,000. GitHub emphasized that its assessment shows the intrusion was limited to internal repositories and that it will notify customers if any impact emerges.

- TeamPCP claims the data set includes roughly 4,000 GitHub internal repositories and insists the leak is not a ransom, threatening to publish the material for free if no buyer appears. - The attacker’s current claim of ~3,800 repositories aligns with GitHub’s ongoing investigation. - The initial foothold came from a malicious VS Code extension that stole credentials and enabled the theft of repository data. - Separately, TeamPCP’s Mini Shai‑Hulud malware campaign has compromised the PyPI package durabletask (versions 1.4.1‑1.4.3), deploying a dropper that fetches a second‑stage infostealer capable of harvesting cloud credentials, password‑manager vaults, SSH keys, and Docker configurations, with propagation mechanisms for AWS EC2 and Kubernetes environments. - The malware also uses a FIRESCALE technique to locate backup command‑and‑control addresses by scanning public GitHub commit messages for a specific pattern.

The incident highlights how a single compromised developer tool can lead to the exposure of extensive internal source code, even when customer‑facing data remains untouched. It also shows the convergence of supply‑chain poisoning (via VS Code extensions) and worm‑like malware that leverages stolen tokens to spread across cloud infrastructures. Organizations that rely on similar development toolchains should treat extension integrity as a critical attack surface.

- Immediately audit and sign‑verify all Visual Studio Code extensions used in enterprise environments; block unsigned or community‑sourced extensions unless approved. - Rotate any secrets, tokens, or API keys that may have been stored in developer workspaces or CI pipelines, prioritizing those with access to source repositories. - Implement detection rules for MITRE ATT&CK technique T1195.002 (Supply Chain Compromise: Development Tools) and T1059.007 (JavaScript) to flag malicious extension activity. - Monitor for the FIRESCALE pattern in public commit messages and block outbound connections to domains such as check.git-service[.]com and t.m-kosche[.]com. - Apply the latest advisories from Microsoft and GitHub regarding extension security, and enforce least‑privilege access for developer accounts to limit token exposure.

Watch for any further leaks from TeamPCP, updates on the durabletask PyPI compromise, and GitHub’s official post‑mortem detailing the exact extension involved and any additional indicators of compromise.