A software supply chain attack, where hackers corrupt legitimate software to inject malicious code, was once a relatively rare event. Now, **TeamPCP** has turned this threat into a near-weekly occurrence, corrupting hundreds of open-source tools and sowing distrust in the software development ecosystem. ### GitHub Breach: The Latest Victim On Tuesday, **GitHub** announced a breach stemming from a software supply chain attack. A **GitHub** developer installed a compromised extension for **VSCode**, a code editor owned by **Microsoft**. **TeamPCP** claims to have accessed approximately 4,000 of **GitHub**'s code repositories. **GitHub** confirmed the compromise of at least 3,800 repositories containing its own code, not customer code. "We are here today to advertise GitHub’s source code and internal orgs for sale," **TeamPCP** posted on BreachForums, offering samples to verify authenticity. ### A Prolific Campaign The **GitHub** breach is just the latest in a series of software supply chain attacks. According to **Socket**, **TeamPCP** has conducted 20 "waves" of attacks in recent months, hiding malware in over 500 distinct software packages. These compromised tools have allowed **TeamPCP** to breach numerous companies. **Ben Read** of **Wiz** notes that while the **GitHub** breach may be the largest, each incident has a significant impact on the affected organization. ### Modus Operandi: A Cyclical Attack **TeamPCP**'s core tactic involves exploiting software developers. They gain access to networks where open-source tools are developed, such as the **VSCode** extension or the **AntV** data visualization software. The malware is then planted within the tool, infecting other developers' machines. This allows the hackers to steal credentials and publish malicious versions of software development tools, creating a self-perpetuating cycle of compromises. ### Mini Shai-Hulud: Automation Through Worms Recently, **TeamPCP** has automated its attacks using a self-spreading worm known as Mini Shai-Hulud. This worm creates **GitHub** repositories containing encrypted credentials stolen from victims, referencing the sci-fi novel *Dune*. This worm is likely inspired by the Shai-Hulud supply chain compromise worm that appeared in September, though there's no confirmed connection between **TeamPCP** and that earlier malware. ### Attention-Seeking Tactics **Philipp Burckhardt** of **Socket** notes that **TeamPCP** seeks attention, highlighting their dark-web site featuring *Matrix*-style visuals and the tagline "TEAMPCP: The Cats Hijacking Your Supply Chains." Before focusing on supply chain attacks, **TeamPCP** exploited cloud misconfigurations and a vulnerability in **Next.js** to deploy a botnet for credential theft and cryptocurrency mining. **Nathaniel Quist** of **Palo Alto Networks** emphasizes the rapid spread of these attacks, driven by the exploitation of long-lived credentials and authentication tokens. ### Financial Motivation and Geopolitical Undertones **TeamPCP** appears financially motivated, engaging in ransomware and data extortion. They have also shown a willingness to sell stolen data. In the **GitHub** case, they stated they were not seeking a ransom but would sell the data to a single buyer before destroying it. The group has also ventured into geopolitics, deploying the CanisterWorm wiper, which targeted Iranian **Kubernetes** cloud infrastructure. Additionally, an entity claiming to be **TeamPCP** leaked the source code of the original Shai Hulud worm. ### Expanding Target Scope **TeamPCP**'s targeting expanded significantly in March, embedding an infostealer in the open-source security scanner **Trivy**. They then used stolen credentials to compromise versions of the **LiteLLM** AI API tool on **PyPI**. They have also targeted **Checkmarx**, **pgserve**, **TanStack**, and **Mistral AI**. ### Severe Fallout and Mitigation Strategies The attacks have led to breaches at the **European Commission**, **Mercor**, and **OpenAI**, among others. **Quist** emphasizes the importance of security "hygiene" practices, such as carefully managing authentication tokens and implementing access restrictions, to mitigate the risk. "The biggest opportunistic thing that’s making this operation successful is long-lived credentials in these environments," Quist added, highlighting the need for robust credential management practices.