GitHub probes TeamPCP claim to sell source code from 4,000 repos

GitHub is investigating after threat actor TeamPCP posted internal source code and organization data for sale, claiming about 4,000 repositories; GitHub reports no evidence customer data outside internal repos was affected.

GitHub, owned by Microsoft, is investigating alleged unauthorized access after a threat actor calling itself TeamPCP posted source code and internal organization data for sale on a cybercrime forum. The posting claimed roughly 4,000 repositories and listed a minimum asking price of $50,000.

GitHub wrote in a statement, “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.” The company added it will notify customers through established incident response and notification channels if any impact is discovered.

The group posted, “As always, this is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found, we leak it for free.”

The disclosure comes amid a separate software supply-chain campaign attributed to TeamPCP, named Mini Shai-Hulud, that has targeted open-source packages. Security researchers identified three malicious versions of durabletask, an official Microsoft Python client: 1.4.1, 1.4.2 and 1.4.3.

Investigators report the attacker compromised a GitHub account, extracted secrets from a repository the account could access, and used a stolen PyPI token to publish the malicious package versions directly to the Python Package Index.

The injected code in durabletask acts as a dropper that fetches a second-stage payload called rope.pyz from an external server. Analysts describe the second-stage payload as an infostealer that collects credentials and configuration data tied to major cloud providers, password managers and developer tools, then exfiltrates that data to attacker-controlled domains.

The stealer is configured to run on Linux systems and attempts to read HashiCorp Vault KV secrets, unlock and dump 1Password and Bitwarden vaults, and access SSH keys, Docker credentials, VPN settings and shell history.

The malware includes propagation features. On Amazon Web Services, it uses AWS Systems Manager to execute the payload on other EC2 instances. In Kubernetes environments it spreads via kubectl exec. One analysis noted the campaign can use SendCommand with the AWS-RunShellScript document to run the payload on up to five other EC2 instances per profile.

The operation also uses a backup command-and-control discovery method called FIRESCALE, which scans public GitHub commit messages for embedded base64 data that identifies alternate C2 addresses if the primary domain is unreachable.

Researchers warned the number of affected packages and build pipelines could grow because the worm spreads using tokens stolen from infected environments. One estimate placed downloads of the compromised package at about 417,000 per month and said the malicious code executes automatically when the package is imported.

Security teams and developers have been advised to audit package dependencies, rotate exposed credentials and investigate any signs of unauthorized activity in build and deployment systems. Investigators recommended treating any machine or pipeline that installed an affected package version as fully compromised.
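As an added illustration of the dependency audit recommended above (not code from the article, GitHub or Microsoft), the script below scans requirements-style text for the durabletask versions the article names as malicious; the affected version list is taken from the article, and the sample requirements content is constructed for the demonstration.

```python
import re

# Package and versions the article reports as malicious. Added example: the
# version list comes from the article; all other names here are illustrative.
AFFECTED = {"durabletask": {"1.4.1", "1.4.2", "1.4.3"}}

# "name==1.2.3" or "name===1.2.3", allowing extras such as name[extra].
_PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*===?\s*([^\s;]+)")
_NAME_RE = re.compile(r"^([A-Za-z0-9_.-]+)")


def normalize(name: str) -> str:
    """PEP 503 normalisation so DurableTask and durabletask compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, package, finding) for every line naming an affected package."""
    affected = {normalize(k): v for k, v in AFFECTED.items()}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or a pip option such as -r / --index-url
        m = _NAME_RE.match(line)
        if not m or normalize(m.group(1)) not in affected:
            continue
        pkg = normalize(m.group(1))
        pin = _PIN_RE.match(line)
        if pin is None:
            # Range or bare name: the resolver may still pick an affected version.
            findings.append((no, pkg, "unpinned: verify the resolved version"))
        elif pin.group(2) in affected[pkg]:
            findings.append((no, pkg, f"pinned to affected version {pin.group(2)}"))
    return findings


# Constructed sample requirements content for the demonstration.
SAMPLE = """\
requests==2.31.0
durabletask==1.4.2   # pulled in by a build helper
DurableTask>=1.3
durabletask==1.4.0
"""

if __name__ == "__main__":
    for no, pkg, why in audit_requirements(SAMPLE):
        print(f"line {no}: {pkg}: {why}")
```

Pins to versions outside the affected set are left alone, while range specifiers are reported so the version actually resolved in the lockfile or build environment gets checked.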

GitHub said it is monitoring its infrastructure for follow-on activity and will communicate directly with customers impacted by any confirmed exposure.
