
“Yesterday we detected and contained a compromise of a worker gadget involving a poisoned VS [Visual Studio] Code extension. We eliminated the malicious extension model, remoted the endpoint, and commenced incident response instantly,” GitHub stated.
“Our present evaluation is that the exercise concerned exfiltration of GitHub-internal repositories solely. The attacker’s present claims of ~3,800 repositories are directionally in line with our investigation to date.”
GitHub added: “We proceed to research logs, validate secret rotation, and monitor for any follow-on exercise. We’ll take further motion because the investigation warrants.” The company promised to publish a full incident report once it had completed its investigations.
That figure tallied with an earlier claim by the TeamPCP threat group that it had breached 4,000 repos, complete with a threat to leak the stolen code if no buyer prepared to pay at least “50k” was found. The group backed up its claim by posting a list of the breached repositories on the LimeWire content-sharing platform.
