TeamPCP poisons open source code, breaches GitHub and OpenAI

A hacker group known as TeamPCP has launched the most sustained software supply chain attack campaign on record, poisoning hundreds of open source tools and breaching major companies including GitHub and OpenAI. In their latest incident, TeamPCP compromised GitHub's internal systems by tricking a developer into installing a malicious VSCode extension. GitHub confirmed that at least 3,800 of its repositories were accessed, though all contain GitHub's own code, not customer data. The group has publicly offered to sell access to GitHub's source code on cybercriminal forums. This breach is part of a larger pattern: Over the past few months, TeamPCP has executed 20 waves of attacks, hiding malware in more than 500 distinct software packages—or over a thousand counting different versions.

TeamPCP's core tactic is a cyclical 'flywheel' of exploitation: They poison open source tools commonly used by developers (like the VSCode extension or data visualization software AntV), which then infects other developers' machines. The malware steals credentials, allowing TeamPCP to publish malicious versions of further development tools, repeating the cycle. The group has recently automated these attacks using a self-spreading worm called 'Mini Shai-Hulud,' which creates GitHub repositories stuffed with stolen credentials. Besides GitHub, their victim list includes AI firm OpenAI and data contractor Mercor. Security researchers note that each individual breach is severe, but the scale and automation make this an unprecedented threat to the open source ecosystem.