TeamPCP, a cybercrime group linked to multiple prior supply-chain campaigns, exfiltrated 3,800 internal GitHub repositories last week in conduct that directly implicates 18 U.S.C. § 1030 — the Computer Fraud and Abuse Act. The group is now asking at least $50,000 on the Breached forum for what it claims is “approximately 4,000 repos of private code.”
GitHub CISO Alexis Wales confirmed the breach Wednesday, tracing it to a GitHub employee who installed Nx Console 18.95.0, a trojanized version of the official VS Code extension for Nx monorepos. The malicious extension stole the employee’s GitHub CLI credentials, giving TeamPCP contributor-level access to run CI/CD workflows and clone internal repos.
The Nx Console security advisory (GHSA-c9j4-9m59-847w) traces the root cause upstream: an Nx developer was caught in the TanStack npm supply-chain compromise, which leaked credentials and opened the Nx publishing pipeline. The poisoned extension harvested secrets across npm, AWS, Kubernetes, and GCP/Docker before Nx pulled it. It was live on the Visual Studio Marketplace for 18 minutes and on OpenVSX for 36.
Microsoft’s download counts for the malicious version were 28 on the VS Marketplace and 41 on OpenVSX. But Nx’s own analytics showed 6,000 activations two days later, a gap that download numbers alone can’t explain.
TeamPCP’s “Mini Shai-Hulud” campaign has now touched PyPI, npm, Docker, two OpenAI employees, and GitHub’s own internal codebase in a single cascading credential chain. TanStack credentials opened the Nx pipeline; Nx credentials opened GitHub. Each stage of credential theft funds the next breach.
Wales says GitHub has found no evidence that customer data outside its internal repos was stolen. GitHub rotated critical secrets Monday through Tuesday and, Wales says, will take additional action as the investigation warrants.
James Okafor