A single hacker group has pulled off more software supply chain attacks in the last few months than most security researchers see in years — and their latest victim is GitHub itself.
The group, known as TeamPCP, has infected over 500 distinct open source packages across 20 separate attack waves, according to cybersecurity firm Socket. That's not a typo. Five hundred packages. And counting all the different versions of compromised code, the number climbs well past a thousand. For an attack type that used to be a rare, haunting exception in cybersecurity circles, this is an extraordinary volume.
The GitHub breach, confirmed by the company this week, is their most high-profile hit yet. The entry point was almost embarrassingly mundane: a developer at GitHub installed a compromised VS Code extension, a plug-in for a popular code editor. That one poisoned install gave TeamPCP access to roughly 3,800 internal GitHub repositories. The company says the exposed code appears to be its own internal software, not customer data, but the investigation is ongoing.
TeamPCP wasted no time advertising their haul. On BreachForums, the group posted an offer to sell GitHub's source code and internal organization data, claiming to have samples ready for anyone who wants to verify the goods. It reads like a Craigslist listing, if Craigslist listings could destabilize global software infrastructure.
Here's why this matters beyond the GitHub name in the headline: the open source software ecosystem is the invisible foundation under nearly every application you use. When attackers corrupt a tool that thousands of developers trust and install without a second thought, the blast radius is enormous. TeamPCP's playbook is to compromise a legitimate, widely used tool (think data visualization libraries, code editor extensions, developer utilities), plant malware inside it, and then wait for the infections to spread naturally as developers do what developers do: download and use software.
Ben Read, who leads threat intelligence at cloud security firm Wiz, put it plainly. GitHub may be the biggest name TeamPCP has taken down, but it's not qualitatively different from the roughly 14 breaches the group pulled off the week before. The organizations just weren't famous enough for anyone outside their industry to notice.
Previous victims include OpenAI and data contracting firm Mercor. The pattern suggests TeamPCP isn't going after specific high-value targets with surgical precision — they're casting an extraordinarily wide net and monetizing whatever they catch, whether through extortion or selling access to the highest bidder.
The deeper problem is structural. Open source software runs on trust. Developers share code, build on each other's work, and install packages without auditing every line. That collaborative culture is what makes open source so powerful — and exactly what TeamPCP is exploiting. There's no clean fix here. Better tooling and more scrutiny help, but as long as developers need to move fast and software supply chains remain complex, groups like TeamPCP will keep finding unlocked doors.
For now, the question isn't whether another major company is on TeamPCP's list. It's which one, and when.