GitHub investigates possible hack after TeamPCP claims to have sold thousands of internal repositories

20.05.2026 4 minutes Author: Newsman

GitHub has confirmed that it is investigating unauthorized access to its internal repositories after the hacking group TeamPCP put allegedly stolen company data up for sale. The platform said the attack was linked to a compromised device belonging to an employee.

The company said it continues to monitor its infrastructure closely for signs of further attacker activity.

If the investigation finds that user information has been compromised, GitHub says it will contact those customers via normal incident response channels.

The incident came to light when TeamPCP published what appeared to be stolen GitHub data (over 4,000 of GitHub’s internal repositories) on a cybercrime forum. The attackers claimed they would sell the data for at least $50,000.

TeamPCP indicated that this was not a “ransom,” but rather a simple sale of the data to a buyer. They also warned that if no buyer were found, they would publish the entire archive publicly. TeamPCP also claims that the group is “retiring.”

Subsequently, GitHub reported that it had detected and contained the compromise of one employee device as part of the attack. That device had become infected through a malicious extension for Microsoft Visual Studio Code. Following discovery of the attack, GitHub initiated an emergency rotation of all critical secrets and credentials that might have been compromised.

At present, based on preliminary assessment of the attack, GitHub reports that an unauthorized party accessed many of GitHub’s internal repositories. The number of repositories cited by TeamPCP appears consistent with the findings of the internal investigation.

GitHub did not disclose the name of the malicious VSCode extension. In recent days, however, another TeamPCP-compromised extension, Nx Console, was disclosed; it contained a multi-stage info-stealer and a tool designed for supply chain attacks. According to the Nx developers, several users of Nx Console were impacted.

Following publicity surrounding the incident, TeamPCP posted a message on X accusing GitHub of delaying its response to the incident. In the post by xploitrsturtle2 (the nickname used by TeamPCP), the hacker expressed the belief that GitHub “wouldn’t tell anyone” about the situation.

Meanwhile, researchers continue to document additional TeamPCP attacks against the open source community. This time the group compromised a package called durable-task on PyPI, Microsoft’s official Python client for the Durable Task Framework.

Versions 1.4.1, 1.4.2 and 1.4.3 of durable-task contained malicious code. Based on research by Wiz, it appears the attackers first breached a GitHub account as part of a prior attack. They then stole secrets from the repository and used a PyPI token to publish the malware-infected packages.

The malicious durable-task versions contained a dropper capable of downloading second-stage malware from the URL check.git-service[.]com. Researchers believe this is likely another example of the ongoing Mini Shai-Hulud campaign, which has been tied to previous hacks involving packages such as guardrails-ai.

SafeDep noted that the malware collects cloud secrets, SSH keys, Docker login credentials, VPN configurations, password manager data and HashiCorp Vault secrets; creates a dump of the victim’s 1Password or Bitwarden vault; and collects the full shell command history.

SafeDep also analyzed how the worm replicates itself. When it finds it is operating within an AWS environment, it uses AWS Systems Manager (SSM) to replicate itself to other EC2 instances. In addition, if it identifies a Kubernetes environment, it uses “kubectl exec” to replicate itself into those workloads.
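One defender-side check for the SSM replication path described above, as an added example that is not code from the article or from SafeDep: flag CloudTrail SendCommand records issued with EC2 instance-profile credentials, on the assumption (not stated on the page) that such calls are unusual in most environments and that instance-profile sessions carry the instance id as the assumed-role session name. The CloudTrail records below are constructed samples.

```python
"""Flag SSM SendCommand calls made from EC2 instance-profile credentials."""
import json
import re

# Assumption: instance-profile credentials appear as an assumed-role ARN whose
# session name is the instance id (i-xxxxxxxx...).
INSTANCE_SESSION = re.compile(
    r"^arn:aws:sts::\d{12}:assumed-role/[^/]+/i-[0-9a-f]{8,17}$"
)


def is_instance_initiated_send_command(event: dict) -> bool:
    """True when an SSM SendCommand was issued with instance-profile credentials."""
    if event.get("eventSource") != "ssm.amazonaws.com":
        return False
    if event.get("eventName") != "SendCommand":
        return False
    ident = event.get("userIdentity", {})
    arn = ident.get("arn", "")
    return ident.get("type") == "AssumedRole" and bool(INSTANCE_SESSION.match(arn))


def flag_events(records: list) -> list:
    """Return the eventIDs of records that match the heuristic."""
    return [r["eventID"] for r in records if is_instance_initiated_send_command(r)]


# Constructed sample CloudTrail records (account id and instance id are fake).
SAMPLE_TRAIL = json.loads("""{"Records": [
 {"eventID": "evt-1", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"},
  "requestParameters": {"documentName": "AWS-RunShellScript",
   "targets": [{"Key": "tag:Env", "Values": ["prod"]}]}},
 {"eventID": "evt-2", "eventSource": "ssm.amazonaws.com", "eventName": "SendCommand",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ops-admin"},
  "requestParameters": {"documentName": "AWS-RunPatchBaseline"}},
 {"eventID": "evt-3", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::123456789012:assumed-role/WebRole/i-0a1b2c3d4e5f67890"}}
]}""")

if __name__ == "__main__":
    print(flag_events(SAMPLE_TRAIL["Records"]))  # ['evt-1']
```

Only evt-1 is flagged: evt-2 is an operator-driven SendCommand and evt-3 is instance-initiated but not SSM.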

Additionally, Aikido Security observed another unusual aspect of the malware. If it determines that the system is using an Israeli or Iranian locale, there is a one-in-six chance that the malware will make noise through the speakers and delete everything on the filesystem (rm -rf /).

For fallback communication with TeamPCP C2 servers, the malware uses FireScale, which lets it discover backup C2 servers via github.com commits containing encrypted server addresses.

It should be noted that SafeDep believes the number of infected packages may continue to grow, because the malware propagates via tokens and secrets stolen from already-infected systems. All systems that used infected versions of durable-task should be treated as fully compromised.
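A quick way to find the affected durable-task versions named above in pinned dependency files or in the current environment, as an added example that is not code from the article, Wiz or SafeDep. Names are normalized per PEP 503 so `Durable_Task` and `durable-task` compare equal; the `pip freeze` sample below is constructed.

```python
"""Flag pinned or installed durable-task versions the article lists as malicious."""
import re
from importlib.metadata import distributions

# Affected versions as stated in the article.
AFFECTED = {"durable-task": {"1.4.1", "1.4.2", "1.4.3"}}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of -, _ and . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Matches `name==version` lines as written by `pip freeze` or a requirements file.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#]*)")


def flag_pinned(text: str) -> list:
    """Return (name, version) pairs from pinned lines that match AFFECTED."""
    hits = []
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if not m:
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if version in AFFECTED.get(name, set()):
            hits.append((name, version))
    return hits


def flag_installed() -> list:
    """Return (name, version) pairs for affected distributions installed right now."""
    hits = []
    for dist in distributions():
        name = normalize(dist.metadata["Name"] or "")
        if dist.version in AFFECTED.get(name, set()):
            hits.append((name, dist.version))
    return hits


SAMPLE_FREEZE = """\
# constructed sample of `pip freeze` output
azure-functions==1.20.0
Durable_Task==1.4.2
durable-task==1.3.0
requests==2.32.3
"""

if __name__ == "__main__":
    print("pinned:", flag_pinned(SAMPLE_FREEZE))  # [('durable-task', '1.4.2')]
    print("installed:", flag_installed())
```

A hit in either list means the host should be handled as compromised, not merely upgraded, per the advice above.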

Endor Labs states that the package is downloaded approximately 417k times per month, and that once a developer imports the library, the malicious code executes without any visible indication of infection.
