GitHub Confirms 3,800 Repos Stolen in Supply Chain Attack

GitHub confirmed on May 20 that attackers compromised roughly 3,800 internal repositories through a poisoned VS Code extension installed on an employee device. The threat group TeamPCP (tracked as UNC6780 by Google) claimed responsibility and is selling access starting at $50,000. The breach exposed infrastructure configurations, deployment scripts, staging credentials, and internal API schemas, constituting an infrastructure intelligence leak rather than source code exposure. The incident occurred amid a broader 48-hour window in which five supply chain surfaces failed, including compromises to Microsoft's Python SDK on PyPI and malicious npm packages with forged cryptographic provenance.
TL;DR
- GitHub confirms 3,800 internal repos stolen via poisoned VS Code extension on employee device
- TeamPCP (UNC6780) claims responsibility, advertising stolen repos for sale starting at $50,000
- Breach exposed infrastructure configs, deployment scripts, staging credentials, and internal API schemas
- Attack part of broader supply chain campaign hitting npm, PyPI, and Microsoft products across 48 hours
Why It Matters
This breach demonstrates how supply chain attacks now target developer tools and infrastructure at scale. TeamPCP has executed at least seven confirmed waves against open-source security utilities and AI middleware since March 2026, including Trivy, LiteLLM, and Mistral AI. The convergence of multiple supply chain failures in 48 hours shows attackers are systematically compromising the toolchain that developers rely on to build and secure AI systems.
Business Impact
Stolen infrastructure credentials and deployment scripts dramatically shorten the reconnaissance phase before exploitation. Verizon's 2026 DBIR found 67% of employees access AI tools through non-corporate accounts, expanding the attack surface. For operators and founders, this underscores the need to rotate secrets immediately, audit third-party extensions and dependencies, and assume that internal infrastructure details may be exposed even if source code is not.
Key Implications
- Developer tools and IDE extensions are now primary attack vectors for supply chain compromise, not just package repositories
- Stolen infrastructure intelligence (configs, credentials, API schemas) enables faster exploitation than source code alone
- Multiple coordinated supply chain failures in short timeframes suggest organized, well-resourced threat actors targeting the AI development ecosystem
- Employee device compromise remains a critical weak point despite enterprise security controls
What to Watch
Monitor for further TeamPCP activity and copycat campaigns targeting VS Code extensions, npm packages, and PyPI. Track whether stolen GitHub credentials are used to access other Microsoft or enterprise systems. Watch for disclosure of which specific VS Code extension was poisoned and whether similar extensions remain compromised. Expect increased scrutiny of extension marketplaces and package repository security controls.
Subscribe to the newsletter
The latest stories and analysis, delivered to your inbox.
Free. No spam. Unsubscribe any time.


