"“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said."
"“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far.”"
"“We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants.” The company promised to publish a full incident report once it had completed its investigations."
"That figure tallied with an earlier claim by the TeamPCP threat group that it had breached 4,000 repos, complete with a threat to leak the stolen code if no buyer willing to pay at least “50k” was found. The group backed up its claim by posting a list of the breached repositories on the LimeWire content sharing platform."
A compromise of an employee device was detected and contained after a poisoned Visual Studio Code extension was identified. The malicious extension version was removed, the affected endpoint was isolated, and incident response began immediately. The current assessment indicates the activity involved exfiltration of GitHub-internal repositories only. The attacker’s reported number of repositories, about 3,800, aligns directionally with the investigation findings. GitHub continues analyzing logs, validating secret rotation, and monitoring for follow-on activity, with additional actions planned as warranted. A threat group previously claimed breaches of about 4,000 repositories and threatened to leak stolen code unless a buyer paid at least 50k, posting a list of breached repositories on LimeWire.
#supply-chain-attack #vs-code-extension #repository-exfiltration #incident-response #threat-extortion
Read at InfoWorld
Unable to calculate read time
Collection
[
|
...
]