GitHub 已成为 TeamPCP 的最新受害者;这个骇客组织把软体供应链攻击从罕见威胁变成了几乎每周都会发生的事件。周二晚间,GitHub 表示有一名开发者安装了带毒的 VSCode 扩充套件,使攻击者得以接触约 4,000 个程式码储存库,其中至少 3,800 个已确认遭入侵;GitHub 说这些储存库包含的是其自身程式码,而非客户资料。TeamPCP 还公开提出出售 GitHub 的原始码与内部系统,将这次入侵包装成吸引买家的手段,而不是传统的赎金要求。
GitHub 事件只是更大规模行动的一部分。Socket 表示,TeamPCP 近几个月来已发动 20 波供应链攻击,在超过 500 个不同软体套件中藏入恶意程式,若把变体算进去,版本数更超过 1,000。这些带毒套件已帮助该组织入侵数百家机构,包括 Anthropic、Mercor、OpenAI、欧盟委员会、Checkmarx、LiteLLM、TanStack、Mistral AI 以及其他目标。调查人员说,这个组织的方法呈周期性:先攻陷开发者工具,窃取凭证,向其他工具发布恶意更新,再重复这一流程,形成一个自我延续的感染飞轮。
TeamPCP 看起来正变得越来越自动化,而且有明确的财务动机,使用名为 Mini Shai-Hulud 的自我传播蠕虫,并且自 4 月以来,透过 BreachForums 和 DragonForce 采取 ransomware-as-a-service 的方式。该组织于 2025 年底以滥用云端错误设定和一个 Next.js 漏洞而出现,之后在 3 月随著其入侵更多软体工具而急速扩张。资安专家表示,关键弱点是长期有效的凭证,尤其是 personal access tokens 和云端金钥,并建议轮换 token、限制存取,以及在部署前延后新发布的更新。文章警告,auto-updates 可能让快速侦测失效,因为有些使用者在几分钟内就已安装恶意程式码,因此在开源供应链攻击持续加速之际,信任但验证的做法至关重要。
GitHub has become the latest victim of TeamPCP, a hacker group that has turned software supply chain attacks from a rare threat into a near-weekly event. On Tuesday night, GitHub said a developer had installed a poisoned VSCode extension, allowing attackers to reach about 4,000 code repositories, with at least 3,800 confirmed compromised; GitHub said those repos contained its own code rather than customer data. TeamPCP publicly offered GitHub source code and internal systems for sale, framing the breach as a way to attract buyers rather than a conventional ransom demand.
The GitHub incident sits inside a much larger campaign. Socket says TeamPCP has launched 20 waves of supply chain attacks in just the last few months, hiding malware in more than 500 distinct software packages, or well over 1,000 versions when variants are counted. Those poisoned packages have helped the group breach hundreds of organizations, including Anthropic, Mercor, OpenAI, the European Commission, Checkmarx, LiteLLM, TanStack, Mistral AI, and other targets. Investigators say the group’s method is cyclical: compromise a developer tool, steal credentials, publish malicious updates to other tools, and repeat, creating a self-perpetuating flywheel of infections.
TeamPCP appears to be increasingly automated and financially motivated, using a self-spreading worm called Mini Shai-Hulud and, since April, a ransomware-as-a-service approach through BreachForums and DragonForce. The group emerged in late 2025 with cloud misconfiguration abuse and a Next.js flaw, then expanded sharply in March as it compromised more software utilities. Security experts say the key weakness is long-lived credentials, especially personal access tokens and cloud keys, and recommend rotating tokens, restricting access, and delaying newly published updates before deployment. The article warns that auto-updates can defeat rapid detection, since some users had already installed malicious code within minutes, making trust-but-verify practices essential as open source supply chain attacks keep accelerating.