The threat group tracked as TeamPCP, an adversarial collective known primarily for supply-chain intrusions, has circulated an advertisement offering GitHub's proprietary core source code and sensitive internal organizational data for sale. The group explicitly frames the transaction not as extortion but as an exclusive, direct sale, a framing that acknowledges GitHub would almost certainly decline to pay a ransom in exchange for a promise to withhold the data.
Notably, TeamPCP did not release conventional data samples, instead presenting a catalog of source-code repository directories accompanied by screenshots of the corresponding interfaces. The absence of samples has been offset by institutional confirmation: GitHub leadership has formally acknowledged the breach, confirming from preliminary forensic telemetry that approximately 3,800 proprietary internal repositories were exfiltrated by the attackers.
Analysis of the disclosed directory listings and telemetry indicates that the exfiltrated data includes the foundational source code behind several flagship GitHub features. Compromised assets include repositories for GitHub Copilot, GitHub Enterprise Server, internal red team tooling, vulnerability orchestration engines, and risk reporting systems. The theft also covers codebases for cross-site scripting (XSS) mitigation and hardening in user interfaces, as well as the routing logic that mediates internal operational workflows and corporate communications.
A non-exhaustive inventory of the exfiltrated compressed archives includes:
raycast-github-copilot.tar.gz
chiedo-copilot-cli-skills.tar.gz
github-enterprise-server-release-notifier.tar.gz
github-security-risk-reporting.tar.gz
red-team.tar.gz
github-ui-xss-hardening-research.tar.gz
github-india.tar.gz
repo-custom-claims-chatops.tar.gz
GitHub's initial incident response post-mortem traces the origin of the compromise to an internal engineer who unknowingly installed a compromised Visual Studio Code extension containing malicious code. Forensic investigation suggests the extension's developer had fallen victim to a supply-chain worm campaign run by TeamPCP; the attackers hijacked the developer's publishing infrastructure to release a weaponized version of the extension. When downstream engineers installed or updated the extension, the embedded payload harvested and exfiltrated their active authentication credentials.
Upon detecting anomalous telemetry, GitHub's security team removed the malicious extension version from the ecosystem and placed the compromised employee endpoint in full forensic isolation. As immediate containment, the organization began a comprehensive rotation of all potentially exposed cryptographic keys and access tokens. However, given the self-propagating nature of the underlying worm, analysts continue to review historical logs and monitor system state to confirm that any remaining components have not achieved lateral movement or secondary credential harvesting in adjacent infrastructure.
GitHub has confirmed the total exfiltration at approximately 3,800 internal source-code repositories and has pledged to publish a full technical transparency report sharing forensic indicators and defense-in-depth guidance with the broader security community.