GitHub says attackers accessed thousands of internal repositories after a company employee’s device was compromised through a malicious Visual Studio Code extension. The company said it has removed the malicious extension, isolated the compromised endpoint and launched an investigation.
The company confirmed that approximately 3,800 internal repositories were affected. GitHub stated that investigators have not found evidence of impact to customer repositories or enterprise environments outside GitHub’s own systems.
The hacking group TeamPCP later claimed responsibility for the intrusion in a post on the Breached cybercrime forum. The group alleged it had obtained source code and thousands of private repositories and sought at least $50,000 for the data.
GitHub has not formally attributed the attack to TeamPCP, though the company acknowledged that the group’s public claims are generally consistent with the scope of the ongoing investigation.
The GitHub breach is the latest example of the increasing attacks against software development infrastructure. Hackers view developer platforms as efficient paths into enterprise systems because a single compromise can create downstream access across multiple companies.
GitHub said it continues to review logs, rotate credentials and monitor for additional malicious activity tied to the incident. The company said it plans to publish a more detailed report once its investigation is complete.
Protecting Dev Tools
Enterprise security teams face a growing challenge: protecting not only production systems, but also the interconnected tools that developers use. Over the past several years, malicious extensions and backdoored open source packages have been used to distribute credential stealers and ransomware.
Visual Studio Code extensions are commonly used to add features and integrations to Microsoft’s widely adopted code editor. Because these extensions often operate with elevated permissions inside development environments, compromised plugins can provide attackers with access to internal systems.
Earlier incidents involving the VS Code marketplace included extensions masquerading as legitimate developer tools that secretly harvested credentials or deployed malware. In January, researchers identified malicious AI-themed coding assistant extensions that reportedly transmitted data from compromised systems to infrastructure located in China.
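One practical control that follows from the points above is an inventory of the extensions actually installed on developer machines, checked against an approved list. The script below is an added example written for this article, not code from GitHub, Microsoft or any vendor. It assumes the audit is fed the output of the real VS Code CLI command `code --list-extensions --show-versions`, which prints one `publisher.name@version` line per installed extension; the allowlist, the trusted-publisher set and the sample CLI output are constructed for illustration.

```python
"""Audit installed VS Code extensions against an allowlist.

Added example (not GitHub's or Microsoft's code). Input format is the output of
`code --list-extensions --show-versions`: one `publisher.name@version` per line.
The allowlist, trusted publishers and sample output below are constructed.
"""
import re
import subprocess
from dataclasses import dataclass

# Constructed allowlist: extension id -> set of approved versions.
# An empty set means any version of that extension is approved.
ALLOWLIST = {
    "ms-python.python": {"2024.4.1"},
    "esbenp.prettier-vscode": set(),
}

# Constructed: publishers whose extensions are approved wholesale.
TRUSTED_PUBLISHERS = {"ms-vscode"}

_LINE = re.compile(r"^(?P<publisher>[\w-]+)\.(?P<name>[\w-]+)@(?P<version>\S+)$")


@dataclass(frozen=True)
class Finding:
    extension: str
    version: str
    reason: str


def parse_extension_list(text: str) -> list[tuple[str, str]]:
    """Parse `publisher.name@version` lines; blank or malformed lines are skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue  # not a recognised extension line
        found.append((f"{m['publisher']}.{m['name']}", m["version"]))
    return found


def audit(installed: list[tuple[str, str]]) -> list[Finding]:
    """Return one Finding per extension that is not approved for this machine."""
    findings = []
    for ext_id, version in installed:
        publisher = ext_id.split(".", 1)[0]
        if publisher in TRUSTED_PUBLISHERS:
            continue
        if ext_id not in ALLOWLIST:
            findings.append(Finding(ext_id, version, "extension not on allowlist"))
            continue
        approved = ALLOWLIST[ext_id]
        if approved and version not in approved:
            findings.append(
                Finding(ext_id, version, f"version not approved (approved: {sorted(approved)})")
            )
    return findings


def audit_local_machine() -> list[Finding]:
    """Run the VS Code CLI on this machine and audit what it reports."""
    out = subprocess.run(
        ["code", "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit(parse_extension_list(out))


# Constructed sample, in the shape `code --list-extensions --show-versions` prints.
SAMPLE_OUTPUT = """\
ms-python.python@2023.1.0
ms-vscode.cpptools@1.20.5
esbenp.prettier-vscode@10.4.0
unknown-pub.ai-code-helper@0.0.3
this line is not an extension
"""

if __name__ == "__main__":
    for f in audit(parse_extension_list(SAMPLE_OUTPUT)):
        print(f"{f.extension}@{f.version}: {f.reason}")
```

Run against the sample, the audit flags the out-of-policy `ms-python.python` version and the unknown-publisher extension, and ignores the trusted-publisher and any-version entries. On a real fleet the same `audit()` would be fed `audit_local_machine()` output collected from each endpoint, and the allowlist would be maintained centrally rather than in the script.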
TeamPCP has emerged as a notable actor in software supply chain attacks targeting open source ecosystems. Researchers have linked the group to campaigns involving GitHub Actions workflows, npm packages, Docker environments and PyPI repositories.
Several of those operations focused on stealing sensitive developer information including SSH keys, Kubernetes configurations and cloud credentials. Researchers have also connected the group to compromised software packages distributed through legitimate repositories and typosquatting campaigns designed to trick developers into downloading malicious code.
The exposure has expanded further as companies adopt AI-assisted coding tools and open source dependencies to accelerate software development. Many enterprises now rely on large ecosystems of third-party plugins and extensions, each of which can introduce additional security exposure.