A hacker group is poisoning open source code at an unprecedented scale

['The cybersecurity world has long been haunted by the threat of software supply chain attacks, in which hackers corrupt legitimate software to hide their own malicious code. What was once a relatively rare event has now become a near-weekly occurrence, thanks to the efforts of one particularly prolific group of cybercriminals. TeamPCP, as the group is known, has been poisoning open source code on an unprecedented scale, leaving a trail of compromised software and extorted victims in its wake.', "The group's latest exploit was revealed on Tuesday night, when GitHub announced that it had been breached through a software supply chain attack.

A GitHub developer had installed a 'poisoned' extension for VSCode, a plug-in for a commonly used code editor owned by Microsoft. As a result, TeamPCP claims to have accessed around 4,000 of GitHub's code repositories. According to GitHub's statement, at least 3,800 compromised repositories were found, although they all contained GitHub's own code, not that of customers.", "The breach is just the latest example of TeamPCP's activities.

The group has been corrupting hundreds of open source tools, using them to extort victims for profit and sowing a new level of distrust in the ecosystem used to create the world's software. The group's tactics have raised concerns about the security of the software supply chain and the potential for hackers to use compromised code to gain access to sensitive information.", "In a post on BreachForums, a forum and marketplace for cybercriminals, TeamPCP boasted about its breach of GitHub, claiming to have accessed the platform's source code and internal organizations. 'We are here today to advertise GitHub's source code and internal orgs for sale,' the group wrote.

'Everything for the main platform is there and I very am happy to send samples to interested buyers to verify absolute authenticity.'"]