A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

WIRED business

Key Points:

  • Cybercriminal group TeamPCP has escalated software supply chain attacks, compromising hundreds of open source tools and extorting victims, significantly undermining trust in the software development ecosystem.
  • On May 19, 2026, TeamPCP breached GitHub by planting malware in a VSCode extension, gaining access to approximately 3,800 of GitHub’s internal code repositories, though no customer code was affected.
  • TeamPCP’s attack strategy involves a self-perpetuating cycle of infecting widely used developer tools, stealing credentials, and distributing malicious code, recently enhanced by an automated worm called Mini Shai-Hulud.
  • The group is financially motivated, often engaging in ransomware and data extortion, and has expanded operations through partnerships with cybercriminal platforms, while also occasionally targeting geopolitical interests.
  • Experts advise organizations to improve security hygiene by rotating credentials and cautiously managing software updates, recommending measures like delaying automatic updates and thoroughly vetting open source code before deployment to mitigate risks.
