GitHub confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension, tracing the attack to the broader TanStack npm supply-chain compromise.
The Attack Vector
The attack vector was a trojanized version of the Nx Console VS Code extension, compromised as part of the TanStack npm supply-chain attack. The malicious extension was live on Visual Studio Marketplace for only 18 minutes, but this short window was enough for attackers to distribute a credential stealer capable of harvesting sensitive data from:
- 1Password vaults
- Anthropic Claude Code configurations
- npm credentials
- GitHub tokens
- Amazon Web Services (AWS) access keys
Threat Actor
The attack is attributed to the TeamPCP threat group. The breach began with the compromise of dozens of TanStack and Mistral AI npm packages and, using stolen CI/CD credentials, quickly extended to other projects including UiPath, Guardrails AI, and OpenSearch.
Ransom Demands
The TeamPCP hacking group first demanded "at least $50,000" for the stolen data before reportedly posting an ad, in partnership with the Lapsus$ threat group, offering the stolen data for sale at $95,000.
GitHub's Response
The company secured the compromised employee device and rotated high-priority secrets after discovering the intrusion. GitHub stated that it has no evidence that customer data outside the affected internal repositories was stolen.
Broader Supply Chain Implications
This incident illustrates how a single poisoned package in a popular developer tool can cascade across the software supply chain, affecting organizations far beyond the initial target. The 18-minute window during which the malicious extension was available underscores the need for real-time monitoring of developer tool ecosystems rather than periodic scanning alone.