top of page

GitHub's 3,800 Internal Repositories Compromised Through Malicious VS Code Extension

  • May 20
  • 2 min read

Key Findings


  • GitHub's internal repositories were compromised after an employee device was infected with a malicious Visual Studio Code extension

  • Approximately 3,800 internal repositories were exfiltrated in the attack

  • TeamPCP, a financially motivated hacking group, claimed responsibility and is selling the stolen data for around $95,000

  • GitHub confirmed it detected, contained and isolated the breach; no customer data outside internal repositories was affected

  • Critical credentials were rotated immediately with highest-impact secrets prioritized

  • The incident highlights the vulnerability of developer environments to supply chain attacks


Background


GitHub, owned by Microsoft, serves as a central platform for software development across companies, governments, open-source maintainers and independent developers. Its internal systems and code repositories are high-value targets because the platform supports code hosting, package distribution, automation and identity workflows across much of the global software industry. The breach occurred on May 19, 2026 and was publicly disclosed May 20, 2026.


Attack Vector: Poisoned VS Code Extension


A single trojanized Visual Studio Code extension compromised an employee's device, giving attackers direct access to GitHub's internal systems. VS Code extensions operate with full access to developer machines, including credentials, cloud keys and SSH keys. Security researchers note that standard endpoint detection and response tools do not cover this layer of vulnerability, creating a significant blind spot for most organizations.


TeamPCP and the Broader Campaign


TeamPCP, tracked by Google Threat Intelligence as UNC6780, has conducted at least five major supply chain attacks in 2026 alone, including breaches of Checkmarx, Bitwarden CLI and TanStack. The group uses an advanced self-replicating infostealer worm called Mini Shai-Hulud that automates credential theft from CI/CD pipelines and developer environments. After stealing valid tokens, attackers republish infected versions of legitimate software packages to spread compromises further downstream.


The Fragility of Developer Ecosystems


Recent supply chain attacks involving npm, PyPI, Docker and other developer ecosystems demonstrate how a single compromised account, package, extension or build process can provide access to countless downstream systems. Developer workstations have become the primary target for sophisticated threat actors because they sit at the convergence of source code, credentials and build automation. VS Code's Marketplace has struggled to police malicious extensions at scale, with trojanized tools sometimes accumulating large installation counts before detection and removal.


Security Gaps in Developer Infrastructure


Most organizations lack visibility into what extensions and packages actually run on developer machines or the ability to control them. The day before GitHub's breach became public, the Nx Console extension with 2.2 million installations was also briefly compromised. While the community identified it in 11 minutes, automatic updates had already propagated the malicious version to countless machines in that window. GitHub has not yet publicly named the specific extension used in its breach, complicating efforts to block the threat.


GitHub's Response and Ongoing Investigation


GitHub isolated the affected endpoint, removed the malicious extension version and immediately rotated critical secrets with highest-impact credentials prioritized first. The company stated its assessment that only internal repositories were compromised and that GitHub acknowledged TeamPCP's claim of 3,800 impacted repositories as "directionally consistent" with its investigation. GitHub continues analyzing logs, validating secret rotation and monitoring for follow-on activity but has not publicly attributed the attack to a specific threat actor beyond TeamPCP's own claim.


Sources


  • https://cyberscoop.com/github-internal-repositories-vs-code-extension-attack/

  • https://hackread.com/github-breach-teampcp-repositories-vs-code-extension/

  • https://securityaffairs.com/192440/cyber-crime/a-malicious-vs-code-extension-just-breached-github-s-internal-repositories.html

  • https://coinfomania.com/github-confirms-breach-of-3800-repos-via-poisoned-vs-code-extension/

  • https://cybersecuritynews.com/github-data-breach/

  • https://www.how2shout.com/news/github-internal-repository-breach-3800-repos-vscode-extension-teampcp.html

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page