GITHUB said it is investigating unauthorized access to its internal repositories after TeamPCP listed the platform’s source code and internal organisations for sale on a cybercrime forum. The company noted that there is currently no evidence of impact to customer information stored outside GitHub’s internal repositories, and it will notify customers through established incident response channels if any impact is discovered.
TeamPCP, a threat actor linked to a string of software supply chain attacks, reportedly asked for no less than $50,000 and claimed the data dump includes about 4,000 repositories. The post containing the sale claim came with screenshots shared by Dark Web Informer, and the attackers said they shred the data if a buyer is found, otherwise they would leak it for free.
According to Wiz and other researchers cited in the piece, TeamPCP’s activities also involve a self-replicating malware campaign known as Mini Shai-Hulud, tied to broader compromises such as the durabletask PyPI package and related payloads.