GitHub Probes Internal Repo Leak After TeamPCP Posts 4,000 Repos for $50K

Context GitHub announced on Tuesday that it is investigating a breach affecting only its internal repositories. The incident follows a public listing by the cybercrime group TeamPCP, known for supply‑chain attacks, that advertised a dump of GitHub’s source code on a dark‑web forum.

Key Facts - TeamPCP posted a sale price of $50,000 and claimed the dump contains about 4,000 repositories. GitHub’s internal investigation estimates the actual number at roughly 3,800, matching the claim. - The breach originated from a compromised Microsoft Visual Studio Code extension on an employee device. GitHub rotated critical secrets and prioritized high‑impact credentials as a containment step. - No evidence yet shows customer data outside GitHub’s internal environment was accessed. The company will notify customers through its incident‑response channels if any impact is discovered. - The same actor recently poisoned the durabletask package on PyPI, a Microsoft Python client downloaded 417,000 times per month. The malicious versions (1.4.1‑1.4.3) embed a silent dropper that fetches a second‑stage payload from an external server and runs only on Linux. - The payload acts as an infostealer, harvesting cloud provider keys, password‑manager vaults, SSH keys, Docker credentials, VPN configs, and shell history. It propagates via AWS Systems Manager (SSM) commands on EC2 instances and via `kubectl exec` in Kubernetes clusters. A conditional payload can play audio and execute `rm -rf /*` on systems with Israeli or Iranian settings. - The worm uses a “FIRESCALE” technique to locate backup command‑and‑control addresses hidden in public GitHub commit messages, a method previously documented by security researchers.

What It Means The incident highlights the risk of credential exposure through compromised developer tools. Even a single poisoned extension can grant attackers a token to publish malicious packages to public repositories, amplifying the supply‑chain threat. Organizations that rely on PyPI packages should audit token usage and enforce least‑privilege policies for publishing credentials.

What Defenders Should Do - Rotate all secrets tied to compromised accounts, especially API tokens for package registries. - Implement multi‑factor authentication and enforce short‑lived tokens for CI/CD pipelines. - Deploy detection rules for MITRE ATT&CK techniques T1059 (Command‑line Interface) and T1105 (Ingress Tool Transfer) that monitor unusual SSM `SendCommand` activity and `kubectl exec` sessions. - Scan internal code bases for unknown VS Code extensions and verify their provenance. - Monitor PyPI for unexpected version releases of critical packages and use signed packages where possible. - Harden AWS and Kubernetes environments by restricting SSM and `kubectl exec` to approved service accounts.

Watch for further disclosures from GitHub on the scope of the leak and any follow‑on activity targeting customer repositories.