A hacker group is poisoning open source code at an unprecedented scale

A significant escalation in software supply chain attacks has emerged, with cybercriminals compromising trustworthy software to embed their malicious codes. Once considered infrequent, these attacks have now become alarmingly routine, creating a chilling atmosphere of insecurity in the open source community. Recently, GitHub announced a security breach linked to one such attack. A developer unknowingly installed a compromised extension for Visual Studio Code (VSCode), a widely used code editor developed by Microsoft. This incident is attributed to the cybercrime group TeamPCP, which claims to have infiltrated approximately 4,000 GitHub repositories through this breach. GitHub confirmed that at least 3,800 of these repositories were indeed compromised, revealing that they contained GitHub's proprietary code rather than that of its users. In a shocking statement on BreachForums, a notorious marketplace for cybercriminals, TeamPCP declared their intentions to auction GitHub's source code and internal structures, offering samples to potential buyers to prove authenticity. This breach represents the latest chapter in an ongoing saga of software supply chain attacks that have reached unprecedented levels of frequency and severity. According to cybersecurity experts at Socket, TeamPCP has executed 20 distinct waves of attacks in recent months, embedding malware into over 500 different software packages. The ongoing nature of these attacks raises significant concerns about the integrity of software development and the trustworthiness of open source tools that are foundational to modern software creation.