
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
Ravie Lakshmanan | May 20, 2026 | Malware / Cloud Security
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum.
"While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity," the Microsoft-owned subsidiary said.
The company also noted that it will notify customers via established incident response and notification channels if any impact is discovered.
The development comes after TeamPCP, a threat actor behind a string of software supply chain attacks targeting open-source packages, listed GitHub's source code for sale for an asking price of no less than $50,000. The alleged data dump is said to include about 4,000 repositories.
"As always, this is not a ransom," the group said in a post, according to screenshots shared by Dark Web Informer. "We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free."
In a follow-up update shared on X, GitHub said it detected and contained a compromise of an employee device involving a poisoned Microsoft Visual Studio Code extension. As a risk mitigation measure, the company has rotated critical secrets, while prioritizing highest-impact credentials.
"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," GitHub said. "The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far."
GitHub did not disclose the name of the VS Code extension, although it's worth noting that Nx Console recently suffered a compromise that allowed threat actors to push a multi-stage credential stealer and a supply chain poisoning tool. The Nx team has since acknowledged that "very few users were compromised."
Following the incident, an X account linked to TeamPCP, xploitrsturtle2, stated: "GitHub knew for hours, they delayed telling you and they won't be honest in the future. What an amazing run, it's been an honor to play around with the cats over the past few months."
TeamPCP Compromises durabletask PyPI Package
News of the sale comes as TeamPCP's self-replicating malware campaign, known as Mini Shai-Hulud, continues to expand in reach with the compromise of durabletask, an official Microsoft Python client for the Durable Task workflow execution framework. Three malicious package versions have been identified: 1.4.1, 1.4.2, and 1.4.3.
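The three durabletask releases named above are the kind of indicator a defender can check a dependency manifest against. The following is an added example written for this article, not code from GitHub, Microsoft, Wiz or any other party quoted here: it triages `pip freeze` output or a requirements file and reports lines that pin a listed release, ranges that would resolve to one, and unpinned entries. The manifest lines are constructed; version handling is a small standard-library parser for dotted numeric versions and the six basic PEP 440 comparison operators (an assumption of this example), and `~=` or wildcard specifiers are sent to manual review rather than evaluated.

```python
"""
Triage a Python dependency manifest for the durabletask releases the article
names as malicious (1.4.1, 1.4.2, 1.4.3).

Added example; not code from any party named in the article. Manifest lines
are constructed. Version handling covers dotted numeric versions and the
operators ==, !=, >=, <=, >, < only (assumption); ~= and wildcards are
reported as unsupported so a human looks at them.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Known-bad (package, version) pairs taken from the article.
MALICIOUS_VERSIONS = {"durabletask": {"1.4.1", "1.4.2", "1.4.3"}}

NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
SPEC_RE = re.compile(r"(==|>=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")
UNSUPPORTED_RE = re.compile(r"~=|\*")

OPS = {
    "==": lambda v, b: v == b, "!=": lambda v, b: v != b,
    ">=": lambda v, b: v >= b, "<=": lambda v, b: v <= b,
    ">": lambda v, b: v > b, "<": lambda v, b: v < b,
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.4.2' -> (1, 4, 2); tuple comparison gives numeric ordering."""
    return tuple(int(part) for part in text.strip().split("."))


def satisfies(version: str, specs: List[Tuple[str, str]]) -> bool:
    """True when `version` meets every (operator, bound) pair in `specs`."""
    v = parse_version(version)
    return all(OPS[op](v, parse_version(bound)) for op, bound in specs)


def parse_requirement(line: str) -> Optional[Tuple[str, str, List[Tuple[str, str]]]]:
    """Return (normalised name, raw specifier text, parsed specs), or None
    for blank lines, comments and pip options such as `-r other.txt`."""
    body = line.split("#", 1)[0].strip()
    if not body or body.startswith("-"):
        return None
    m = NAME_RE.match(body)
    if not m:
        return None
    name = m.group(1).lower().replace("_", "-")
    spec_text = body[m.end():]
    return name, spec_text, SPEC_RE.findall(spec_text)


def triage(lines: Iterable[str]) -> List[dict]:
    """One finding per manifest line that can install a known-bad release."""
    findings = []
    for raw in lines:
        parsed = parse_requirement(raw)
        if parsed is None:
            continue
        name, spec_text, specs = parsed
        bad = MALICIOUS_VERSIONS.get(name)
        if not bad:
            continue
        finding = {"line": raw.strip(), "package": name}
        if UNSUPPORTED_RE.search(spec_text):
            finding.update(status="UNSUPPORTED_SPEC", versions=sorted(bad))
        elif not specs:
            # Unpinned: the resolver may pick any release, including the bad ones.
            finding.update(status="UNPINNED", versions=sorted(bad))
        elif all(op == "==" for op, _ in specs):
            pinned = specs[0][1]
            if pinned not in bad:
                continue  # exact pin on a release the article does not list
            finding.update(status="PINNED_MALICIOUS", versions=[pinned])
        else:
            reachable = sorted(v for v in bad if satisfies(v, specs))
            if not reachable:
                continue  # range excludes every listed bad release
            finding.update(status="RANGE_ALLOWS_MALICIOUS", versions=reachable)
        findings.append(finding)
    return findings


# Constructed sample: a mix of `pip freeze` output and loose requirements.
SAMPLE_MANIFEST = """
requests==2.32.3
durabletask==1.4.2           # exact pin on a malicious release
azure-functions-durable>=1.2
durabletask>=1.4,<1.5        # range that resolves to the malicious releases
durabletask==1.4.0           # pinned to a release the article does not list
Durabletask                  # unpinned: resolver may pick any release
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_MANIFEST):
        print(f"{f['status']:<24} {f['package']} {', '.join(f['versions'])}  <- {f['line']}")
```

A clean exact pin is reported as nothing, which is deliberate: the manifest says what the resolver would install now, not what was installed earlier, so a host that pulled an affected release at any point still needs the treatment the article describes regardless of what the file says today.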
"The attacker compromised a GitHub account via a previous attack, dumped GitHub secrets from a repository to which the user had access, and from there had access to the PyPI token to publish directly," Google-owned Wiz said.
The payload embedded into the package is a dropper, which is configured to fetch and run a second-stage payload ("rope.pyz") from an external server ("check.git-service[.]com"). The malware is assessed to be an evolution of the payload deployed in connection with the compromise of the guardrails-ai package last week.
Specifically, it's designed to activate a full-featured infostealer that's capable of harvesting credentials associated with major cloud providers, password managers, and developer tools, and exfiltrating the data to the attacker-controlled domain. It's worth noting that the stealer is configured to execute only on Linux systems.
According to SafeDep, the 28KB Python stealer also attempts to read HashiCorp Vault KV secrets, unlock and dump 1Password and Bitwarden password vaults, and access SSH keys, Docker credentials, VPN configurations, and shell history.
"If the machine is running inside AWS, it propagates itself to other EC2 instances using SSM. If it's inside Kubernetes, it propagates through kubectl exec," Aikido Security said. "And if it detects Israeli or Iranian system settings, there's a 1-in-6 chance it plays audio and then runs rm -rf /*."
"After enumerating SSM-managed instances, it uses SendCommand with the AWS-RunShellScript document to execute the rope.pyz payload on up to 5 other EC2 instances per profile," per StepSecurity. "The propagation script downloads the payload from the primary C2, falling back to the secondary domain t.m-kosche[.]com, and runs it in the background."
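The SSM propagation StepSecurity describes leaves a distinctive trail: one principal issuing several SendCommand calls with the AWS-RunShellScript document to different instances within seconds. The following is an added example for this article, not code from StepSecurity, Aikido or AWS, that scans CloudTrail-style records for that fan-out. The events are constructed and only loosely modelled on SendCommand records; the field names it reads (eventSource, eventName, userIdentity.arn, requestParameters.documentName, instanceIds and targets) are an assumption of this example and should be checked against a real trail. It also notes when the caller ARN ends in "/i-...", because credentials from an EC2 instance profile carry the instance ID as the role session name, so that shape means the command was sent from another instance.

```python
"""
Flag SSM SendCommand fan-out: one principal pushing AWS-RunShellScript to
several EC2 instances in a short window.

Added example; not code from any party named in the article. Events are
constructed; CloudTrail field names are an assumption of this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

WINDOW = timedelta(minutes=10)  # look-back for counting distinct targets
INSTANCE_THRESHOLD = 3          # distinct targets per principal that trigger an alert


def parse_time(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def is_shell_send_command(ev: Dict) -> bool:
    """SendCommand events that use the generic shell document."""
    params = ev.get("requestParameters") or {}
    return (ev.get("eventSource") == "ssm.amazonaws.com"
            and ev.get("eventName") == "SendCommand"
            and params.get("documentName") == "AWS-RunShellScript")


def target_instances(ev: Dict) -> Set[str]:
    """Instance IDs named directly or through an InstanceIds target filter."""
    params = ev.get("requestParameters") or {}
    ids = set(params.get("instanceIds") or [])
    for target in params.get("targets") or []:
        if target.get("key") == "InstanceIds":
            ids.update(target.get("values") or [])
    return ids


def caller_is_instance(arn: str) -> bool:
    """Instance-profile sessions are named after the instance ("/i-...")."""
    return arn.rsplit("/", 1)[-1].startswith("i-")


def detect_fanout(events: List[Dict]) -> List[Dict]:
    """One alert per principal whose shell SendCommand calls reach
    INSTANCE_THRESHOLD or more distinct instances within WINDOW."""
    shell = sorted((e for e in events if is_shell_send_command(e)),
                   key=lambda e: parse_time(e["eventTime"]))
    by_principal: Dict[str, List[Dict]] = defaultdict(list)
    for ev in shell:
        by_principal[ev["userIdentity"]["arn"]].append(ev)

    alerts = []
    for arn, evs in by_principal.items():
        for i, first in enumerate(evs):
            t0 = parse_time(first["eventTime"])
            targets: Set[str] = set()
            for ev in evs[i:]:
                if parse_time(ev["eventTime"]) - t0 > WINDOW:
                    break
                targets |= target_instances(ev)
            if len(targets) >= INSTANCE_THRESHOLD:
                alerts.append({"principal": arn, "first_seen": first["eventTime"],
                               "source_ip": first.get("sourceIPAddress"),
                               "targets": sorted(targets),
                               "caller_is_ec2_instance": caller_is_instance(arn)})
                break  # one alert per principal is enough for triage
    return alerts


# Constructed sample trail: one instance-profile session fanning out to four
# instances in six seconds, and one admin running a single ad-hoc command.
SAMPLE_TRAIL = json.loads("""
{"Records": [
 {"eventTime": "2026-05-20T09:00:01Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0a1b2c3d4e5f67890"},
  "sourceIPAddress": "10.0.1.15",
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0d1e2f3a4b5c67891", "i-0e1f2a3b4c5d67892"]}},
 {"eventTime": "2026-05-20T09:00:04Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0a1b2c3d4e5f67890"},
  "sourceIPAddress": "10.0.1.15",
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0f1a2b3c4d5e67893"]}},
 {"eventTime": "2026-05-20T09:00:07Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/AppRole/i-0a1b2c3d4e5f67890"},
  "sourceIPAddress": "10.0.1.15",
  "requestParameters": {"documentName": "AWS-RunShellScript", "targets": [{"key": "InstanceIds", "values": ["i-0a2b3c4d5e6f78904"]}]}},
 {"eventTime": "2026-05-20T09:30:00Z", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops-admin"},
  "sourceIPAddress": "203.0.113.7",
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0d1e2f3a4b5c67891"]}},
 {"eventTime": "2026-05-20T09:31:00Z", "eventSource": "ssm.amazonaws.com", "eventName": "ListCommands",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops-admin"},
  "sourceIPAddress": "203.0.113.7", "requestParameters": null}
]}
""")["Records"]

if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_TRAIL):
        print(json.dumps(alert, indent=2))
```

The threshold and window are tuning knobs: the article puts the worm's fan-out at up to five instances per profile, so a threshold of three catches it with headroom, while a legitimate orchestration account that routinely targets whole fleets would need an allowlist rather than a lower threshold.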
Also notable is the use of the FIRESCALE mechanism to identify a backup command-and-control (C2) address in the event the primary domain is unreachable. It does this by searching GitHub's public commit messages for the pattern "FIRESCALE ." and extracting the C2 information from it. Details of this technique were previously highlighted by Hunt.io.
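Both attacker domains printed in this article, check.git-service[.]com as the primary and t.m-kosche[.]com as the fallback, are the kind of indicator worth sweeping resolver and proxy logs for. The following is an added example for this article, not code from Hunt.io, StepSecurity or any other vendor quoted here: it refangs the indicators from the defanged form used in the text and reports any log line whose hostname equals or sits under one of them. The log lines are constructed, loosely shaped like a dnsmasq query log and a proxy access log, and include a look-alike under a different registrable domain to show that it is not reported.

```python
"""
Match network log lines against the two attacker domains printed in the
article (primary check.git-service[.]com, fallback t.m-kosche[.]com).

Added example; not code from any vendor the article quotes. Indicators are
refanged from the text; the log lines are constructed.
"""
import re
from typing import List, Optional

# Indicators exactly as the article prints them (defanged with "[.]").
DEFANGED_IOCS = ["check.git-service[.]com", "t.m-kosche[.]com"]

URL_HOST_RE = re.compile(r"https?://([^/\s:?#]+)", re.IGNORECASE)
BARE_HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.IGNORECASE)


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a matchable hostname."""
    return ioc.replace("[.]", ".").replace("(.)", ".").lower().rstrip(".")


IOC_DOMAINS = {refang(d) for d in DEFANGED_IOCS}


def match_ioc(host: str) -> Optional[str]:
    """Return the indicator `host` equals or is a subdomain of, else None.
    Suffix matching is on a label boundary, so a look-alike such as
    check.git-service.com.example.net does not match."""
    host = host.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def candidate_hosts(line: str) -> List[str]:
    """Hostnames found in URLs or as bare dotted tokens; tokens with no
    letters (timestamps, IP addresses) are dropped."""
    hosts = set(URL_HOST_RE.findall(line)) | set(BARE_HOST_RE.findall(line))
    return sorted(h for h in hosts if any(c.isalpha() for c in h))


def scan_lines(lines: List[str]) -> List[dict]:
    """One finding per (line, host) pair that matches an indicator."""
    findings = []
    for idx, line in enumerate(lines):
        for host in candidate_hosts(line):
            ioc = match_ioc(host)
            if ioc:
                findings.append({"line": idx, "host": host.lower(), "ioc": ioc})
    return findings


# Constructed sample log lines (not from any real environment).
SAMPLE_LOGS = [
    "May 20 10:01:02 gw dnsmasq[812]: query[A] check.git-service.com from 10.0.0.5",
    "May 20 10:01:05 gw dnsmasq[812]: query[A] pypi.org from 10.0.0.5",
    # primary C2 unreachable, then the fallback domain served the second stage
    "1716192062.123 200 10.0.0.5 TCP_MISS/503 0 GET http://check.git-service.com/rope.pyz - HIER_NONE/- -",
    "1716192063.456 200 10.0.0.5 TCP_MISS/200 28672 GET http://t.m-kosche.com/rope.pyz - HIER_DIRECT/- application/octet-stream",
    # look-alike under a different registrable domain: must not match
    "1716192070.000 200 10.0.0.6 TCP_MISS/200 512 GET https://check.git-service.com.example.net/ - HIER_DIRECT/- text/html",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['host']} matches {f['ioc']}")
```

A hit on the fallback domain shortly after a failed request to the primary is the sequence the StepSecurity description predicts, so correlating the two by client address, as the sample lines do for 10.0.0.5, is more useful than either match on its own.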
Because the worm propagates using tokens stolen from infected environments, the number of affected packages is expected to grow. Any machine or pipeline that installed an affected version of the package should be treated as fully compromised.
"The package is downloaded roughly 417,000 times a month, and the malicious code runs automatically the moment the package is imported, with no error messages and no visible signs of compromise," Endor Labs researcher Peyton Kennedy said.
Update
The LAPSUS$ cybercrime group has teamed up with TeamPCP for a joint sale of GitHub repositories for $95,000. "Everything for the main platform is there," says an accompanying statement, per screenshots from Dark Web Informer. "No ransom, we do not care about extorting GitHub. If no buyer is found, we leak for free."
According to security researcher Rakesh Krishnan, the leaked repositories are related to GitHub Actions, agentic workflows, Copilot internal projects, CodeQL tools, internal infrastructure, security tools, marketing, and GitHub-related programs like Codespaces and Dependabot. Also included are a Rails controller and a Pull Requests controller that are responsible for managing organizations and every pull request.
📰Originally published at thehackernews.com
Staff Writer