A hacker group known as TeamPCP is conducting open-source software supply chain attacks on an unprecedented scale, significantly raising the threat level for anyone who depends on open-source tooling. Recently, TeamPCP gained access to around 4,000 GitHub repositories through a poisoned VSCode extension. The group has carried out multiple attacks, embedding malware in over 500 software tools. The exploitation is cyclical: each compromised tool gives them a foothold in the networks of the developers who install it, and those footholds let them plant malware in still more projects.
TeamPCP has been shifting to automated attacks that use self-spreading worms, which poses severe risks to software supply chains. The group appears financially motivated: it sells compromised data and threatens to leak the information if no buyer is found. Experts recommend increased vigilance, including careful management of credentials (so that a stolen token cannot be used to push poisoned code) and delaying software updates (so that a poisoned release has time to be detected before it is adopted), to reduce the risk of running malicious code.