GitHub is currently investigating claims of unauthorized access to its internal repositories following reports that the cybercriminal group TeamPCP has listed the platform’s source code and internal organizations for sale on a cybercrime forum. The alleged data dump reportedly includes approximately 4,000 repositories.
According to GitHub, there is no evidence at this time to suggest that customer information stored outside of GitHub’s internal repositories—such as customer enterprises, organizations, and repositories—has been impacted. The company is closely monitoring its infrastructure for any subsequent activity and has stated that it will notify customers through established incident response and notification channels if any impact is discovered.
TeamPCP, known for a series of software supply chain attacks targeting open-source packages, has listed GitHub’s source code for sale with a minimum asking price of $50,000. The group emphasized that this is not a ransom demand, stating, “We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free.”
In a related development, TeamPCP’s self-replicating malware campaign, dubbed Mini Shai-Hulud, has expanded with the compromise of the durabletask package, an official Microsoft Python client for the Durable Task workflow execution framework. Three malicious versions—1.4.1, 1.4.2, and 1.4.3—have been identified. The attacker reportedly compromised a GitHub account via a previous attack, extracted GitHub secrets from a repository accessible to the user, and used the PyPI token to publish the malicious versions directly.
The embedded payload in the compromised package acts as a dropper, fetching and executing a second-stage payload from an external server. This malware is an evolution of the payload deployed in the recent compromise of the guardrails-ai package. It is designed to activate a comprehensive infostealer capable of harvesting credentials from major cloud providers, password managers, and developer tools, exfiltrating the data to an attacker-controlled domain. Notably, the stealer is configured to execute only on Linux systems.
Security firm SafeDep reports that the 28KB Python stealer also attempts to access HashiCorp Vault KV secrets, unlock and dump 1Password and Bitwarden password vaults, and retrieve SSH keys, Docker credentials, VPN configurations, and shell history. If the malware detects that it is running inside an AWS environment, it propagates itself to other EC2 instances using AWS Systems Manager (SSM). Within Kubernetes environments, it spreads through kubectl exec. Additionally, if the system settings indicate Israeli or Iranian locales, there is a one-in-six chance that the malware will play an audio file and then execute a command to delete all files on the system.
Given the escalating sophistication and reach of TeamPCP’s attacks, organizations are urged to review their security protocols, especially concerning open-source dependencies and CI/CD pipelines. Vigilance in monitoring for unauthorized access and prompt rotation of compromised credentials are essential steps in mitigating the risks posed by such supply chain attacks.
Source: The Hacker News
