
"GitHub confirmed on Tuesday that a threat actor exfiltrated approximately 3,800 internal repositories after compromising an employee's device through a poisoned Visual Studio Code extension, marking one of the most significant breaches the Microsoft-owned company has ever disclosed."
"GitHub's investigation found that the breach began when an employee downloaded a malicious extension from the official VS Code Marketplace. That single installation was enough to give the attacker access to the employee's device and, from there, to thousands of the company's private repositories. GitHub said the attacker's claim of roughly 3,800 repositories was 'directionally consistent' with its own findings."
"The company moved quickly once it detected the intrusion, isolating the compromised device, removing the extension, and rotating critical credentials within hours. GitHub stressed that the activity involved exfiltration of internal repositories only and that it had found no evidence of impact to customer data, enterprise accounts, or user-hosted repositories."
"The cybercrime group TeamPCP, also tracked as UNC6780, claimed credit for the attack on the Breached hacking forum, where it offered the stolen data, which it described as proprietary source code and internal organisation files, for at least $50,000. The group said it would leak the material if no buyer materialised."
GitHub confirmed that a threat actor exfiltrated approximately 3,800 internal repositories after compromising an employee's device via a malicious Visual Studio Code extension obtained from the official Marketplace. A single extension installation gave the attacker a foothold on the device, from which it reached thousands of the company's private repositories. The cybercrime group TeamPCP, also tracked as UNC6780, claimed credit and offered the stolen material on a hacking forum as proprietary source code and internal organisational files for at least $50,000, threatening to leak it if no buyer appeared. GitHub isolated the compromised device, removed the extension, and rotated critical credentials within hours. GitHub reported no evidence of impact to customer data, enterprise accounts, or user-hosted repositories, but the incident underscores the supply-chain risk in developer tooling: an extension installed from a trusted marketplace runs with the developer's own privileges and can reach whatever the developer can.
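As an added example (not code from the article, from GitHub's response, or from TeamPCP's tooling), the following Python script audits a VS Code extension inventory against a pinned allowlist. It parses the `publisher.name@version` lines that `code --list-extensions --show-versions` prints and flags three things: unlisted extensions, version drift from the pin, and extensions whose name closely resembles an approved one under a different publisher. The inventory text, the allowlist, the publisher and extension names, and the similarity threshold are all constructed for illustration and are not from the incident.

```python
"""Audit installed VS Code extensions against a pinned allowlist.

Added example, not from the TNW article or GitHub's write-up. It assumes an
organisation that approves extensions by exact publisher.name@version pin and
wants anything else on a developer machine surfaced for review.
"""
import difflib
import re
from dataclasses import dataclass

# Constructed sample of what `code --list-extensions --show-versions` prints
# (one publisher.name@version per line). Not real output from the breach.
SAMPLE_INVENTORY = """\
ms-python.python@2024.22.2
esbenp.prettier-vscode@11.0.0
dbaeumer.vscode-eslint@3.0.8
helpful-dev.prettier-vscode-pro@1.0.3
ms-python.debugpy@2025.4.1
"""

# Hypothetical allowlist: extension id -> the one version that is approved.
ALLOWLIST = {
    "ms-python.python": "2024.22.2",
    "esbenp.prettier-vscode": "11.0.0",
    "dbaeumer.vscode-eslint": "3.0.10",
}

EXT_LINE = re.compile(r"^(?P<publisher>[\w-]+)\.(?P<name>[\w-]+)@(?P<version>\S+)$")


@dataclass(frozen=True)
class Finding:
    extension: str  # publisher.name
    version: str
    reason: str


def parse_inventory(text):
    """Return (extension_id, publisher, name, version) tuples; reject malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = EXT_LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised extension entry {line!r}")
        ext_id = f"{m['publisher']}.{m['name']}"
        entries.append((ext_id, m["publisher"], m["name"], m["version"]))
    return entries


def closest_approved(name, allowlist, threshold=0.8):
    """Allowlisted id whose name part most resembles `name`, or None below `threshold`.

    The threshold is an assumed tuning value; difflib's ratio() is used as a cheap
    lookalike detector for names such as "prettier-vscode-pro" vs "prettier-vscode".
    """
    best_id, best_score = None, 0.0
    for ext_id in allowlist:
        approved_name = ext_id.split(".", 1)[1]
        score = difflib.SequenceMatcher(None, name, approved_name).ratio()
        if score > best_score:
            best_id, best_score = ext_id, score
    return best_id if best_score >= threshold else None


def audit(text, allowlist):
    """Compare an inventory dump against the allowlist and return findings in input order."""
    findings = []
    approved_publishers = {ext_id.split(".", 1)[0] for ext_id in allowlist}
    for ext_id, publisher, name, version in parse_inventory(text):
        pinned = allowlist.get(ext_id)
        if pinned is not None:
            if version != pinned:
                findings.append(Finding(ext_id, version, f"version drift; pinned {pinned}"))
            continue
        lookalike = closest_approved(name, allowlist)
        if lookalike is not None and not lookalike.startswith(publisher + "."):
            reason = f"name resembles approved {lookalike} under a different publisher"
        elif publisher in approved_publishers:
            reason = f"unlisted extension from approved publisher {publisher}"
        else:
            reason = "unknown publisher, not on allowlist"
        findings.append(Finding(ext_id, version, reason))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY, ALLOWLIST):
        print(f"{f.extension}@{f.version}: {f.reason}")
```

Run it over real output by piping `code --list-extensions --show-versions` into a file and passing that text to `audit`. The lookalike check deliberately fires only when the resembling name sits under a different publisher, so a publisher shipping a companion extension is reported as "unlisted" rather than as a suspected impersonation.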
#supply-chain-attacks #developer-tools-security #malicious-vs-code-extensions #repository-exfiltration #credential-rotation
Read at TNW | Data-Security