Full Report
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Analysis Summary
# Threat Actor: TeamPCP
## Attribution & Identity
TeamPCP is an increasingly notorious cybercriminal gang characterized by their aggressive and industrialized approach to software supply chain attacks. The group maintains a presence on BreachForums and operates a dedicated dark-web leak site featuring customized aesthetics (e.g., *Matrix*-style visuals and reggae music) and links for ransom negotiations. While their exact geographic origin is not confirmed, they demonstrate high technical proficiency in automating supply chain compromises.
## Activity Summary
The group is currently engaged in an unprecedented, high-velocity spree of supply chain attacks. Over a few months, they have executed 20 "waves" of attacks, poisoning over 500 distinct software packages and more than 1,000 specific versions. Their primary operational model is a "flywheel" effect: compromising one developer to gain credentials, which are then used to poison the tools that developer maintains, thereby reaching secondary and tertiary targets.
**Notable Recent Operations:**
* **GitHub (May 2026):** Compromised approximately 3,800–4,000 repositories by poisoning a VSCode extension used by a GitHub developer. The group subsequently offered GitHub's internal source code for sale.
* **AntV Hijacking:** Corruption of this data visualization software to spread malware.
* **Worm Automation:** Implementation of a self-spreading mechanism to accelerate credential theft across open-source ecosystems.
## Tactics, Techniques & Procedures
TeamPCP utilizes a "cyclical exploitation" strategy involving:
* **Software Supply Chain Compromise:** Corrupting open-source tools and extensions (e.g., VSCode plugins) to gain initial access to developer workstations.
* **Credential Theft:** Extracting credentials from compromised environments to gain administrative or publishing rights for other software projects.
* **Wormable Propagation:** Use of automated scripts to facilitate widespread distribution.
* **Publicity & Extortion:** Broadcasting breaches on BreachForums and utilizing dark-web leak sites for "brand" awareness and ransom negotiations.
**MITRE ATT&CK Mapping (Derived):**
* **T1195.002:** Supply Chain Compromise: Compromise Software Dependencies and Development Tools.
* **T1555:** Credentials from Password Stores.
* **T1080:** Taint Shared Content.
* **T1567:** Exfiltration Over Web Service.
## Targeting
* **Sectors:** Technology, Software Development, Artificial Intelligence, and Data Analytics.
* **Geography:** Global (targeting ubiquitous open-source platforms and cloud-based organizations).
* **Victims:**
    * GitHub (Microsoft-owned)
    * Anthropic (AI sector)
    * Mercor (Data contracting)
    * Hundreds of organizations utilizing poisoned open-source packages.
## Tools & Infrastructure
* **Malware:** **Mini Shai-Hulud**, a self-spreading worm that automates credential theft and leaves traces in GitHub repositories.
* **Infrastructure:**
    * **BreachForums:** Used for data advertising and verification.
    * **Leak Site:** A dark-web site used for negotiation and showcasing stolen data.
* **Repository Poisoning:** Frequent use of `npm`, `PyPI`, and VSCode Extension Marketplaces (implicit in "poisoned extensions").
## Implications
The activities of TeamPCP represent a strategic shift from targeted, "surgical" supply chain attacks (like SolarWinds) to high-volume, industrialized poisoning. By creating a "flywheel" of compromises, they have managed to systematically undermine the trust of the open-source ecosystem. The successful breach of GitHub highlights that even major security-conscious organizations are vulnerable to "dependency confusion" or poisoned developer tooling.
## Mitigations
* **Developer Environment Isolation:** Treat developer workstations as high-trust assets and monitor plugin/extension installations (e.g., VSCode extensions) for anomalous behavior.
* **Supply Chain Verification:** Implement automated tooling (e.g., Socket, Snyk) to scan for "poisoned" packages or unexpected changes in dependency versions.
* **Secrets Management:** Rotate credentials regularly and implement hardware-based MFA to prevent stolen credentials from being used to publish malicious code.
* **Code Signing:** Mandate strict code-signing and verification for all internal and third-party dependencies used in production pipelines.
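
One way to check for the "unexpected changes in dependency versions" named under Supply Chain Verification, as an added example (not code from this report or from any vendor's tooling): a diff of two parsed npm `package-lock.json` files that flags version drift, a changed integrity hash under an unchanged version, newly appearing install scripts, and tarballs resolved from an unexpected host. The function name, trusted-registry setting, severity labels and sample lockfiles are assumptions constructed for illustration.

```python
from urllib.parse import urlparse
TRUSTED_REGISTRY = "registry.npmjs.org"  # assumption: only the public npm registry is expected

def lock_drift(baseline: dict, candidate: dict) -> list:
    """Diff two parsed package-lock.json (v2/v3) files into (severity, package, reason)."""
    old, new = baseline.get("packages", {}), candidate.get("packages", {})
    findings = []
    for path, entry in new.items():
        if not path:  # "" is the root project entry, not a dependency
            continue
        name = path.rpartition("node_modules/")[2]
        prev = old.get(path)
        host = urlparse(entry.get("resolved", "")).hostname
        if host and host != TRUSTED_REGISTRY:
            findings.append(("high", name, f"resolved from unexpected host {host}"))
        if prev is None:
            findings.append(("medium", name, f"new dependency at {entry.get('version')}"))
            if entry.get("hasInstallScript"):
                findings.append(("high", name, "new dependency runs an install script"))
            continue
        if prev.get("version") != entry.get("version"):
            findings.append(("medium", name, f"version {prev.get('version')} -> {entry.get('version')}"))
        elif prev.get("integrity") != entry.get("integrity"):
            # Same version, different tarball hash: content changed under a pin.
            findings.append(("critical", name, "integrity hash changed for an unchanged version"))
        if entry.get("hasInstallScript") and not prev.get("hasInstallScript"):
            findings.append(("high", name, "install script appeared since baseline"))
    return sorted(findings)  # labels sort critical < high < medium alphabetically

# Helper that builds one constructed lockfile entry (sample data, not a real package).
def _pkg(name, version, integrity, host=TRUSTED_REGISTRY, script=False):
    return "node_modules/" + name, {
        "version": version, "integrity": integrity, "hasInstallScript": script,
        "resolved": f"https://{host}/{name}/-/{name}-{version}.tgz"}

# Constructed sample lockfiles: package names, hashes and hosts are made up.
BASELINE = {"lockfileVersion": 3, "packages": dict([
    ("", {"name": "demo-app", "version": "1.0.0"}),
    _pkg("example-charts", "2.1.0", "sha512-AAAA"),
    _pkg("example-utils", "1.0.0", "sha512-BBBB"),
    _pkg("example-logger", "3.0.0", "sha512-CCCC")])}
CANDIDATE = {"lockfileVersion": 3, "packages": dict([
    ("", {"name": "demo-app", "version": "1.0.0"}),
    _pkg("example-charts", "2.1.0", "sha512-ZZZZ"),
    _pkg("example-utils", "1.0.1", "sha512-DDDD", script=True),
    _pkg("example-logger", "3.0.0", "sha512-CCCC"),
    _pkg("example-new", "0.0.1", "sha512-EEEE", host="pkgs.example.net", script=True)])}

if __name__ == "__main__":
    print(*lock_drift(BASELINE, CANDIDATE), sep="\n")
```

In a pipeline, the two inputs would be `json.load` of the lockfile on the main branch and the one in the change under review, with any `critical` or `high` finding blocking the merge until a human has looked at it.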