Code hosting platform GitHub disclosed that it suffered a data breach last week as part of a software supply chain attack carried out by hackers.
The attack was traced back to a GitHub developer, who had installed a ‘poisoned’ extension, a plug-in for VSCode, a commonly used code editor that is also owned by Microsoft. In its statement confirming the data breach, GitHub said at least 3,800 internal repositories had been compromised by the hackers. However, the affected repositories only contained GitHub’s own code, and customers’ data was not affected.
The hackers behind the GitHub breach are widely believed to be TeamPCP, an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of open-source tools are corrupted and victims extorted for profit.
“We are here today to advertise GitHub’s source code and internal orgs for sale. Everything for the main platform is there and I am very happy to send samples to interested buyers to verify absolute authenticity,” TeamPCP wrote on BreachForums, a forum and marketplace for cybercriminals, following the breach.
The GitHub breach is the latest in a string of software supply chain attacks allegedly linked to the emerging hacker group, raising questions about how to use open-source software safely. Here’s everything you need to know about TeamPCP.
Who is TeamPCP?
TeamPCP emerged in late 2025, when it exploited cloud misconfigurations and a vulnerability in the web app development tool Next.js to deploy a botnet for attacks like credential theft and cryptocurrency mining. The group of hackers relied heavily on worms to grab static credentials and authentication tokens to bore deeper into victims’ systems.
TeamPCP’s page on the dark web links to ‘business contacts’, which could potentially be used to carry out ransom negotiations. The webpage features Matrix-style cascading ones and zeros, along with the words ‘TEAMPCP: The Cats Hijacking Your Supply Chains’ with a reggae fusion soundtrack in the background, according to a report by Wired.
The group’s attacks appear to be financially motivated as it often targets victims by deploying ransomware or carrying out data extortion campaigns. It has also expressed willingness to sell victims’ data to any buyer.
“This is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the data on our end […] It looks like our retirement is soon so if no buyer is found we will leak it free,” TeamPCP reportedly wrote in its BreachForums post with regards to the GitHub breach.
TeamPCP is believed to have transitioned to a ransomware-as-a-service model in April this year by establishing partnerships with widely known cybercriminal platforms such as BreachForums and DragonForce.
What is TeamPCP’s modus operandi?
Simply put, a software supply chain attack is when hackers corrupt a legitimate piece of software to hide their own malicious code. It threatens to turn any innocent application into a dangerous foothold in a victim’s network, thereby sowing a new level of distrust across the ecosystem.
TeamPCP reportedly relies on a cyclical exploitation of software developers. First, the hackers gain access to a network where an open-source tool commonly used by coders is being developed. They then plant malware in the open-source tool that is also used to compromise other software developers’ machines, including those developers creating other software tools for coders.
The malware allows TeamPCP to steal credentials which, in turn, let the group publish malicious versions of those software development tools. The breached network grows as the cycle repeats. TeamPCP’s hackers have also reportedly automated many of their software supply chain attacks with a self-spreading worm known as ‘Mini Shai-Hulud’ – seemingly a reference to the popular sci-fi novel and movie series, Dune.
Encrypted credentials in GitHub repositories created by the worm reportedly carry the phrase: ‘A Mini Shai-Hulud Has Appeared’. In September 2025, a similar supply chain attack involving self-spreading malware reportedly carried the same phrase.
Who has been targeted by TeamPCP?
Over the last few months, TeamPCP has carried out 20 waves of supply chain attacks that have hidden malware in more than 500 distinct pieces of software, according to cybersecurity firm Socket. With these tainted pieces of code, TeamPCP has targeted and breached hundreds of companies that installed the software, according to Ben Read, the head of strategic threat intelligence at cloud security firm Wiz.
Before GitHub, TeamPCP is said to have been behind attacks targeting OpenAI and data contracting firm Mercor. The hackers are said to have embedded an infostealer in the open source security scanner Trivy and then used stolen credentials from this attack to compromise certain versions of the AI application programming interface (API) tool called LiteLLM that is hosted on the popular Python software repository PyPI.
Web application security firm Checkmarx, web app library TanStack, and enterprise AI platform Mistral are just a few other companies that have been targeted by TeamPCP in supply chain attacks. It was also reportedly behind the recent data breach affecting the European Commission’s public website.
How can organisations protect themselves?
Experts believe that organisations can protect themselves from TeamPCP’s supply chain attacks to a certain degree by keeping up security “hygiene” practices that carefully manage authentication tokens and impose access restrictions wherever possible.
It is also recommended to change or rotate tokens even if you are not using the packages that have been compromised. Other potential safeguards include age-gating updates to open-source tools. Security updates need to be vetted and then installed, rather than immediately updating to code that has been newly published and may be malicious.
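The age-gating safeguard described above, sketched as an added example that is not part of the original article or of any project's code. The package name, versions, timestamps, the seven-day cooldown and the `vetted` override are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed release metadata: package name, versions and timestamps are made up.
RELEASES = {
    "example-llm-proxy": [
        {"version": "2.3.9", "uploaded": "2026-03-01T08:00:00+00:00", "yanked": True},
        {"version": "2.4.0", "uploaded": "2026-04-02T09:00:00+00:00", "yanked": False},
        {"version": "2.4.1", "uploaded": "2026-05-10T14:30:00+00:00", "yanked": False},
        {"version": "2.4.2", "uploaded": "2026-05-24T03:12:00+00:00", "yanked": False},
    ],
}
NOW = datetime(2026, 5, 26, tzinfo=timezone.utc)  # constructed "today"


def gate_update(releases, now, min_age_days=7, vetted=frozenset()):
    """Pick the newest release that has aged past the cooldown.

    A release younger than min_age_days is held back unless its version
    is listed in `vetted` (a reviewed release, e.g. an urgent security
    fix). Yanked releases are never selected. Returns (chosen, held_back).
    """
    cutoff = now - timedelta(days=min_age_days)
    eligible, held_back = [], []
    for rel in releases:
        if rel["yanked"]:
            continue
        uploaded = datetime.fromisoformat(rel["uploaded"])
        if uploaded <= cutoff or rel["version"] in vetted:
            eligible.append((uploaded, rel["version"]))
        else:
            held_back.append(rel["version"])
    # Simplification: "newest" means latest upload time, not highest version.
    chosen = max(eligible)[1] if eligible else None
    return chosen, sorted(held_back)


if __name__ == "__main__":
    for name, rels in RELEASES.items():
        chosen, held = gate_update(rels, NOW)
        print(f"{name}: install {chosen}, held back {held}")
```

A held-back version is the signal to review before pinning it; a result of `None` means no release has cleared the cooldown and the current pin should stay.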