GitHub Investigating as TeamPCP Alleges Breach of ~4,000 Internal Repositories

GitHub on Tuesday said it was investigating unauthorized access to its internal repositories after a hacker known as TeamPCP posted the platform’s source code and internals for sale on a cybercrime forum.

“While we currently have no evidence of an impact on customer information stored outside of GitHub’s internal repositories (such as our customers’ businesses, organizations, and repositories), we are closely monitoring our infrastructure for the next step,” said the Microsoft subsidiary.

The company also said it will notify affected customers through its incident response and notification channels if an impact is detected.

The development comes after TeamPCP, the threat actor behind a series of software supply chain attacks targeting open source packages, put GitHub's source code up for sale at an asking price of no less than $50,000. The alleged data dump is said to include about 4,000 databases.

“As usual, this is not a ransom,” the group said in the post, according to screenshots shared by Dark Web Informer. “We don’t mind scamming GitHub, 1 buyer and split the data in the end, it looks like our retirement is coming soon so if no buyer is found, we reward you for free.”

In a follow-up update shared on X, GitHub said it found and contained a compromise of an employee resource that involved a malicious extension for Microsoft Visual Studio Code. As a risk-reduction measure, the company has rotated sensitive secrets, prioritizing the credentials with the highest impact.

“Our current assessment is that the operation involves the deprecation of GitHub’s internal repositories only,” GitHub said. “The attacker’s current claims of ~3,800 endpoints are consistent with our investigation to date.”

After the disclosure, the X account linked to TeamPCP (xploitrsturtle2) posted: “GitHub has known for hours, they are slow to tell you and will not be honest in the future. What an amazing run, it has been an honor to play with the cats for the last few months.”

TeamPCP Worm Compromises the durabletask PyPI Package

News of the sale comes as TeamPCP's self-replicating malware campaign, known as Mini Shai-Hulud, continues to spread, this time via a compromise of durabletask, Microsoft's official Python client for the Durable Task workflow execution framework. Three versions of the malicious package have been identified: 1.4.1, 1.4.2, and 1.4.3.

“The attacker compromised the GitHub account in a previous attack, dumped GitHub secrets in a user-accessible repository, and from there was able to access the PyPI token to publish directly,” said Google-owned Wiz.

The payload embedded in the package is a dropper, configured to download and execute a second-stage payload (“rope.pyz”) from an external server (“check.git-service[.]com”). The malware is assessed to be a variant of the payload used in the incident involving the Guardrails-ai package last week.

Specifically, it is designed to launch a full-featured infostealer that harvests credentials associated with major cloud providers, password managers, and developer tools, and exfiltrates the data to an attacker-controlled domain. It is worth noting that the stealer is configured to run only on Linux systems.

According to SafeDep, the 28KB Python stealer also tries to read HashiCorp Vault KV secrets, open and crack 1Password and Bitwarden password vaults, and access SSH keys, Docker credentials, VPN configuration, and shell history.

“If the machine is running within AWS, you propagate it to other EC2 instances using SSM. If you are inside Kubernetes, you propagate it with kubectl exec,” Aikido Security said. “And if it gets Israeli or Iranian system settings, there’s a 1-in-6 chance it’ll play audio and run rm -rf /*.”

“After enumerating the instances managed by SSM, it uses SendCommand and the AWS-RunShellScript document to deploy the rope.pyz payload to another 5 EC2 instances per profile,” according to StepSecurity. “The distribution script downloads the payload from the primary C2, falling back to the secondary domain tm-kosche[.]com, and runs it in the background.”

Another notable feature is a FIRESCALE mechanism used to locate a backup command-and-control (C2) address in the event the primary site is unavailable. It does this by searching public GitHub commit messages for the pattern “FIRESCALE .” and extracting C2 information from them. The details of this process were previously highlighted by Hunt.io.

Because the worm spreads using tokens it finds on infected machines, the number of affected packages is expected to grow. Any machine or pipeline that has installed an affected version of the package should be considered fully compromised.
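As an added triage helper (not code from the article or from any vendor named in it), the script below checks pip-freeze style output for the three durabletask releases named above and scans proxy log lines for the two C2 domains the article quotes; the sample freeze output, hosts, timestamps and paths are constructed.

```python
import re

# Indicators quoted in the article; domains stay defanged, refanged only at match time.
MALICIOUS_VERSIONS = {"1.4.1", "1.4.2", "1.4.3"}
C2_DOMAINS_DEFANGED = ["check.git-service[.]com", "tm-kosche[.]com"]

# Constructed sample input (hypothetical hosts, timestamps and paths).
SAMPLE_FREEZE = "azure-functions==1.20.0\ndurabletask==1.4.2\nrequests==2.32.3\n"
SAMPLE_PROXY_LOG = [
    "2026-04-14T10:02:11Z 10.0.3.7 GET https://pypi.org/simple/durabletask/ 200",
    "2026-04-14T10:02:19Z 10.0.3.7 GET https://check.git-service.com/rope.pyz 200",
    "2026-04-14T10:02:20Z 10.0.3.9 GET https://files.pythonhosted.org/ 200",
    "2026-04-14T10:03:02Z 10.0.3.7 POST https://tm-kosche.com/ 200",
]

def refang(domain: str) -> str:
    return domain.replace("[.]", ".")

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][^\s;#]*)")
_C2_RE = re.compile(
    r"(?<![A-Za-z0-9-])("
    + "|".join(re.escape(refang(d)) for d in C2_DOMAINS_DEFANGED)
    + r")(?![A-Za-z0-9-])", re.IGNORECASE)

def find_affected_packages(freeze_output: str) -> list:
    """Scan pip-freeze / requirements style lines for the malicious releases.
    Only exact '==' pins are checked; a range such as >=1.4 is not resolved."""
    hits = []
    for line in freeze_output.splitlines():
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")  # PEP 503 style normalisation
        if name == "durabletask" and m.group(2) in MALICIOUS_VERSIONS:
            hits.append((name, m.group(2)))
    return hits

def find_c2_contacts(log_lines) -> list:
    """Return (1-based line number, host) for lines reaching a C2 domain or a
    subdomain of it; look-alikes with a longer first label do not match."""
    hits = []
    for idx, line in enumerate(log_lines, start=1):
        m = _C2_RE.search(line)
        if m:
            hits.append((idx, m.group(1).lower()))
    return hits

def triage(freeze_output: str, log_lines) -> dict:
    pkgs, c2 = find_affected_packages(freeze_output), find_c2_contacts(log_lines)
    return {"packages": pkgs, "c2_contacts": c2, "compromised": bool(pkgs or c2)}
```

A hit from either check marks the host as compromised, following the article's guidance that any machine that installed an affected version should be treated that way rather than merely at risk.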

“The package is downloaded approximately 417,000 times per month, and the malicious code runs automatically when the package is imported, with no error messages and no visible signs of compromise,” said Endor Labs researcher Peyton Kennedy.
