GitHub confirmed on May 20 that TeamPCP, the supply-chain attack group tracked as UNC6780, exfiltrated approximately 3,800 of its internal source code repositories. The entry point was a poisoned Visual Studio Code extension installed by a GitHub employee. That constitutes unauthorized access under 18 U.S.C. § 1030, the Computer Fraud and Abuse Act.

GitHub isolated the affected endpoint, rotated critical credentials, and began monitoring for follow-on activity. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only,” the company stated, adding that TeamPCP’s claims of roughly 3,800 repositories are directionally consistent with its findings. Customer data stored outside internal repos is unaffected — so far.

TeamPCP listed the stolen repositories for sale, threatening to publish them if no buyer materializes. The group previously hit Aqua's Trivy scanner, Checkmarx's KICS, LiteLLM, TanStack, and MistralAI using Mini Shai-Hulud, a self-replicating worm that steals CI/CD credentials and publishes infected package versions.

The timing is instructive. The day before GitHub’s disclosure, Nx Console, a VS Code extension with 2.2 million installs, was briefly backdoored; the community caught it in 11 minutes, which sounds fast until you consider how many machines auto-update in that window. Aikido Security’s Charlie Eriksen noted that VS Code extensions access credentials, cloud keys, and SSH keys without restriction. GitHub still hasn’t named the specific extension involved.

VS Code’s extension marketplace, with auto-update on by default, no permission model for extensions (they run with the full privileges of the logged-in user), and minimal pre-publication review, turns a single poisoned package into code execution on thousands of privileged developer machines. TeamPCP’s Mini Shai-Hulud then chains those compromises automatically. It won’t stop here.
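The practical defense against the auto-update window described above is to pin extension versions and detect drift. The script below is an added illustration, not part of this column or of any GitHub or Aikido material: it compares a workstation's installed extensions against a pinned allowlist and reports anything that was added or silently updated. The extension names, versions, allowlist and installed list are constructed samples; on a real machine the installed list comes from `code --list-extensions --show-versions`, which prints one `publisher.name@version` per line.

```shell
#!/usr/bin/env sh
# Added example, not code from the column or from GitHub/Aikido: flag VS Code
# extensions that differ from a pinned allowlist. Input format matches
# `code --list-extensions --show-versions` (one publisher.name@version per line);
# all names and versions below are constructed samples.

# Pinned allowlist reviewed by the security team (constructed sample).
ALLOWLIST='ms-python.python@2024.4.1
nrwl.angular-console@18.0.0
esbenp.prettier-vscode@10.4.0'

# What `code --list-extensions --show-versions` would print on a hypothetical
# workstation (constructed sample): one extension drifted, one was added.
INSTALLED='ms-python.python@2024.4.1
nrwl.angular-console@18.0.1
esbenp.prettier-vscode@10.4.0
some-publisher.new-tool@1.0.0'

# pinned_entry ALLOWLIST ID -> prints the pinned entry for ID, returns 1 if absent.
pinned_entry() {
    for a in $1; do
        if [ "${a%@*}" = "$2" ]; then
            printf '%s\n' "$a"
            return 0
        fi
    done
    return 1
}

# check_extensions ALLOWLIST INSTALLED
# Prints one finding per line; returns 1 if anything deviates, 0 otherwise.
check_extensions() {
    drift=0
    for entry in $2; do
        id="${entry%@*}"
        ver="${entry#*@}"
        if pinned=$(pinned_entry "$1" "$id"); then
            # Known extension: the exact version must match the pin.
            if [ "$pinned" != "$entry" ]; then
                echo "VERSION DRIFT: $id installed $ver, pinned ${pinned#*@}"
                drift=1
            fi
        else
            # Unknown extension: never reviewed, treat as a finding.
            echo "NOT ALLOWLISTED: $entry"
            drift=1
        fi
    done
    return $drift
}

if check_extensions "$ALLOWLIST" "$INSTALLED"; then
    echo "installed extensions match the allowlist"
else
    echo "extension drift found: review before this host handles credentials"
fi
```

Pair the check with `"extensions.autoUpdate": false` and `"extensions.autoCheckUpdates": false` in settings.json so the marketplace cannot move versions underneath the allowlist; a reviewer, not the auto-updater, then decides whether to accept each change.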

GitHub’s investigation is open. If it surfaces customer data exposure, state breach notification obligations attach, each on its own clock.

— James Okafor