GitHub internal repositories breached

A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum

Author: Sophos

On May 19-20, 2026, GitHub confirmed a security incident affecting its own internal systems. A threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee’s developer device by way of a malicious Visual Studio Code extension and used that foothold to clone roughly 3,800 of GitHub’s internal repositories. The actor has reportedly listed the data for sale on a criminal forum at upwards of $50,000 USD.

GitHub assesses that customer repositories, enterprise accounts, and user data are not affected. The compromise is, on current evidence, confined to GitHub’s own corporate estate. GitHub claims that it has rotated credentials, isolated affected endpoints, and is continuing to investigate.

Sophos has searched its internal estate and has found no evidence of compromise.

What happened

Based on GitHub’s public statements and reporting from The Hacker News, Cybersecurity News, and others, the incident proceeded as follows:

  • Initial access. TeamPCP delivered a poisoned Visual Studio Code extension to a GitHub employee’s development device. The extension harvested developer secrets and access tokens from the IDE’s local environment.
  • Repository theft. Using stolen credentials, the attacker cloned approximately 3,800 GitHub-internal private repositories containing proprietary source code, deployment scripts, and internal configuration material. Media reporting initially cited a ~4,000 figure; GitHub describes the lower number as “directionally consistent” with its investigation.
  • Monetization. TeamPCP listed the stolen data for sale on a cybercrime forum and used a purportedly associated X/Twitter account (xploitrsturtle2) to publicly taunt GitHub.
  • Detection by GitHub. GitHub detected the breach on 19 May, began incident response, and rotated critical secrets the same day. The malicious extension version has been removed; infected endpoints have been isolated.

Key TeamPCP TTPs

TeamPCP's defining characteristic is that they gain access indirectly by backdooring open-source security and development tools that targets already trust and run. The following summarises five prominent TeamPCP techniques, mapped to their associated MITRE ATT&CK technique identifiers.

  • Software supply chain compromise (T1195.002). Tampering with trusted tools (e.g., Trivy, Checkmarx, LiteLLM) to distribute malware via legitimate update and package ecosystems
  • Credential harvesting at scale (T1555 / T1003). Stealing passwords, API keys, cloud credentials, and CI/CD secrets from infected developer and production environments
  • Abuse of valid accounts for lateral access (T1078). Reusing stolen tokens and developer credentials to pivot across repositories, pipelines, and organisations
  • CI/CD pipeline and package ecosystem abuse (T1608.004). Poisoning build pipelines and publishing malicious packages to propagate access across downstream users and dependencies
  • Automated propagation via worming across software dependencies (T1210 / T1105). Deploying self-propagating malware (e.g., CanisterWorm) to spread through npm and developer workflows at scale

Sophos response

Sophos has actively tracked this incident from first public disclosure. Internally we have done the following:

  • Internal estate searched. Network proxy, on-prem firewall, central data events, DNS, ZTNA, and GitHub audit logs have all been swept based on the information provided so far. No evidence of compromise has been found. A small number of hits resolved to unauthenticated external bots probing a /git-service URL path and were ruled out as unrelated.
  • GitHub audit log review. Anomalous token, secret, OAuth, webhook, and download actions across the last 30 days were reviewed; all events were consistent with routine activity.
  • VS Code extension hunt. A list of VS Code extensions present in the Sophos environment has been collected and is being evaluated against publisher reputation and permission scopes. The hunt is live and ongoing.
  • Continued monitoring. Sophos X-Ops continues to monitor this incident.
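The audit log review above, and the later recommendation to look for mass-clone behaviour, can be turned into a repeatable check. The following is an added example written for this page, not Sophos's own tooling or a GitHub product feature. It assumes an audit-log export in JSON-lines form whose git events carry `action`, `actor`, `repo` and `@timestamp` (epoch milliseconds), which is the shape GitHub's git audit events use; the sample events, actor names and repositories are constructed, and the threshold and window are arbitrary starting points to tune against your own baseline.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=1)   # sliding window length (tune to your estate)
THRESHOLD = 25                # distinct repos cloned by one actor inside a window that merits review


def _ms(dt: datetime) -> int:
    """Epoch milliseconds, the format assumed for the audit log's @timestamp field."""
    return int(dt.timestamp() * 1000)


def build_sample_lines() -> list:
    """Constructed audit-log export (one JSON object per line); actors, repos and times are invented."""
    start = datetime(2026, 5, 19, 9, 0, tzinfo=timezone.utc)
    events = []
    # Routine: one developer clones three repos spread over the morning.
    for i, repo in enumerate(["corp/app-frontend", "corp/app-backend", "corp/infra-terraform"]):
        events.append({"action": "git.clone", "actor": "dev-alice", "repo": repo,
                       "@timestamp": _ms(start + timedelta(hours=i))})
    # Mass clone: one identity pulls 120 distinct repos ten seconds apart.
    for i in range(120):
        events.append({"action": "git.clone", "actor": "dev-bob", "repo": f"corp/internal-{i:03d}",
                       "@timestamp": _ms(start + timedelta(seconds=10 * i))})
    # Noise that must not count: pushes and fetches are not clones.
    events.append({"action": "git.push", "actor": "dev-bob", "repo": "corp/internal-000",
                   "@timestamp": _ms(start + timedelta(minutes=30))})
    return [json.dumps(e) for e in events]


def parse_audit_lines(lines) -> list:
    """Parse JSON-lines; skip blank or malformed lines rather than aborting the whole review."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect_mass_clone(events, window=WINDOW, threshold=THRESHOLD) -> dict:
    """Return {actor: summary} for each actor whose git.clone events cover >= threshold
    distinct repositories within any window of the given length."""
    window_ms = int(window.total_seconds() * 1000)
    per_actor = defaultdict(list)
    for e in events:
        if e.get("action") == "git.clone" and all(k in e for k in ("actor", "repo", "@timestamp")):
            per_actor[e["actor"]].append((int(e["@timestamp"]), e["repo"]))

    findings = {}
    for actor, clones in per_actor.items():
        clones.sort()
        in_window = Counter()   # repo -> number of clone events currently inside the window
        left = 0
        best, best_start = 0, None
        for ts, repo in clones:
            in_window[repo] += 1
            # Slide the left edge forward until the window spans at most window_ms.
            while ts - clones[left][0] > window_ms:
                old_repo = clones[left][1]
                in_window[old_repo] -= 1
                if in_window[old_repo] == 0:
                    del in_window[old_repo]
                left += 1
            if len(in_window) > best:
                best, best_start = len(in_window), clones[left][0]
        if best >= threshold:
            findings[actor] = {
                "distinct_repos": best,
                "window_start": datetime.fromtimestamp(best_start / 1000, tz=timezone.utc).isoformat(),
                "total_clones": len(clones),
            }
    return findings


if __name__ == "__main__":
    for actor, info in detect_mass_clone(parse_audit_lines(build_sample_lines())).items():
        print(f"{actor}: {info}")
```

Counting distinct repositories rather than raw clone events keeps a developer who repeatedly re-clones one project from tripping the check, while a single token sweeping across many repositories stands out even when each individual clone looks legitimate.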

Recommendations

SophosLabs is monitoring this incident and will investigate detection and mitigation opportunities associated with exploitation activity. Sophos X-Ops recommends the following:

  • Audit installed VS Code extensions. Inventory extensions across developer endpoints and VDI images. Flag anything outside an approved set, particularly: new or rare publishers, typosquats, very recent permission expansions, and extensions enabling shell integration or task execution on trusted repositories.
  • Hunt for IDE-driven anomalies. On developer endpoints, look for: VS Code child processes spawning Git or credential tooling outside developer working hours; archive download immediately followed by interpreter execution; outbound connections to young or rare domains from developer hosts.
  • Tighten developer identity. Enforce short-lived tokens, scoped access, and SSO for source control. Rotate any long-lived developer access tokens that were resident on potentially affected hosts. Review audit logs for mass-clone behaviour or unusual repository read patterns.
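The extension audit recommended above, and the hunt Sophos describes in its own response, come down to reading each installed extension's manifest and comparing it against an approved set. The following is an added example, not Sophos's hunt tooling. It scans a directory laid out like `~/.vscode/extensions/<publisher>.<name>-<version>/package.json`, flags publishers outside a hypothetical allowlist (and near-misses that look like typosquats), unconditional startup activation, task or terminal contributions, and very recent install times. The manifest field names (`publisher`, `activationEvents`, `contributes`) are the real VS Code ones; the allowlist, the three extensions and their contents are constructed for the demonstration.

```python
import difflib
import json
import os
import tempfile
import time
from pathlib import Path

# Hypothetical allowlist of publishers the organisation has approved.
APPROVED_PUBLISHERS = ["github", "ms-python", "ms-vscode"]
RECENT_DAYS = 14  # anything installed or updated this recently gets a second look

# Constructed manifests: real VS Code package.json field names, invented extensions.
SAMPLE_EXTENSIONS = {
    "ms-python.python-2024.1.0": {
        "name": "python", "publisher": "ms-python", "version": "2024.1.0",
        "activationEvents": ["onLanguage:python"], "contributes": {},
    },
    "ms-pyhton.python-helper-0.0.3": {   # lookalike publisher, starts with the IDE, can run tasks
        "name": "python-helper", "publisher": "ms-pyhton", "version": "0.0.3",
        "activationEvents": ["*"], "contributes": {"taskDefinitions": [{"type": "helper"}]},
    },
    "someone.git-turbo-1.0.0": {         # unknown publisher that adds a terminal profile
        "name": "git-turbo", "publisher": "someone", "version": "1.0.0",
        "activationEvents": ["onStartupFinished"],
        "contributes": {"terminal": {"profiles": [{"id": "git-turbo.shell", "title": "Git Turbo"}]}},
    },
}


def write_sample_extensions(root: Path) -> None:
    """Lay the constructed manifests out like a real extensions directory."""
    ninety_days_ago = time.time() - 90 * 86400
    for dirname, manifest in SAMPLE_EXTENSIONS.items():
        ext_dir = root / dirname
        ext_dir.mkdir()
        manifest_path = ext_dir / "package.json"
        manifest_path.write_text(json.dumps(manifest))
        if dirname.startswith("ms-python."):
            # Backdate the known-good extension so it reads as a long-installed baseline.
            os.utime(manifest_path, (ninety_days_ago, ninety_days_ago))


def audit_extension(manifest_path: Path, now: float, recent_days: int = RECENT_DAYS) -> list:
    """Return a list of human-readable findings for one extension manifest (empty if clean)."""
    findings = []
    manifest = json.loads(manifest_path.read_text())
    publisher = manifest.get("publisher", "")
    if publisher not in APPROVED_PUBLISHERS:
        findings.append(f"publisher '{publisher}' not in allowlist")
        lookalike = difflib.get_close_matches(publisher, APPROVED_PUBLISHERS, n=1, cutoff=0.8)
        if lookalike:
            findings.append(f"publisher resembles approved '{lookalike[0]}' (possible typosquat)")
    if "*" in manifest.get("activationEvents", []):
        findings.append("activates unconditionally on every VS Code start")
    contributes = manifest.get("contributes") or {}
    if "taskDefinitions" in contributes:
        findings.append("declares task definitions (can run tasks in the workspace)")
    if "terminal" in contributes:
        findings.append("contributes terminal profiles (shell integration)")
    age_days = (now - manifest_path.stat().st_mtime) / 86400
    if age_days < recent_days:
        findings.append(f"installed or updated {age_days:.0f} days ago")
    return findings


def audit_extensions_dir(root: Path, now=None) -> dict:
    """Audit every <dir>/package.json under root; keys are the extension directory names."""
    now = time.time() if now is None else now
    return {d.name: audit_extension(d / "package.json", now)
            for d in sorted(root.iterdir()) if (d / "package.json").is_file()}


def run_demo() -> dict:
    """Build the sample tree in a temporary directory, audit it and return findings per extension."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_sample_extensions(root)
        return audit_extensions_dir(root)


if __name__ == "__main__":
    for ext, findings in run_demo().items():
        print(ext, "->", findings or ["no findings"])
```

To run it against a real endpoint, point `audit_extensions_dir` at the user's extensions directory instead of the constructed tree; the allowlist and the recency window are the two knobs to tune, and the lookalike check is deliberately loose so that a reviewer, not the script, makes the final call.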