GitHub Links Internal Repository Breach To TanStack Supply-Chain Attack

TanStack supply-chain attack compromised Nx and led to poisoned extension


GitHub has confirmed that the breach involving roughly 3,800 internal repositories started through a malicious version of the official Nx Console VS Code extension. The attack links back to the wider TanStack npm supply-chain compromise that spread across several developer ecosystems.

The company says it secured the compromised employee device and rotated high-priority secrets after discovering the intrusion. GitHub also stated that it has no evidence so far that customer data outside the affected repositories was stolen.

GitHub attributed the campaign to the TeamPCP threat group, which has previously been associated with software supply-chain attacks. The group was also reportedly tied to the Mini Shai-Hulud campaign that allegedly impacted two OpenAI employees.

According to GitHub, the attackers moved through multiple projects after stealing CI/CD credentials from compromised npm packages.

The campaign reportedly began with malicious TanStack and Mistral AI npm packages before expanding into projects tied to UiPath, Guardrails AI, OpenSearch, and others.

Malicious Nx Console extension briefly appeared online

GitHub CISO Alexis Wales confirmed that the poisoned extension was Nx Console, the official VS Code extension for the Nx build system used to manage large repositories and monorepos.

A malicious release labeled Nx Console 18.95.0 briefly appeared on extension marketplaces.

Nx said one of its developers became compromised through the earlier TanStack supply-chain attack. The attacker allegedly stole GitHub credentials through the GitHub CLI, allowing workflow execution on the Nx GitHub repository with contributor-level access.

The malicious extension remained available on the Visual Studio Marketplace for around 18 minutes and on OpenVSX for roughly 36 minutes.

Microsoft and OpenVSX reported relatively low download counts, with 28 downloads on the Visual Studio Marketplace and 41 on OpenVSX.
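Because the poisoned release was live for well under an hour, the practical question for a defender is whether any workstation in the fleet pulled it during that window. The script below is an added example, not code from GitHub, Nx, or the article: it walks a VS Code extensions directory, reads each extension's `package.json`, and reports any install whose publisher, name and version match a blocklist. The only page-supplied value is the version `18.95.0`; the marketplace identifier `nrwl.angular-console` used for Nx Console is an assumption, and the sample extensions directory is constructed inline so the check runs offline.

```python
"""Audit a VS Code extensions directory against a blocklist of known-bad releases.

Added example for illustration; not part of the original article or of the Nx project.
"""
import json
import tempfile
from pathlib import Path

# Known-bad release reported in the article: Nx Console 18.95.0.
# The identifier (publisher, name) = ("nrwl", "angular-console") is an ASSUMPTION about
# how the extension is registered; adjust it to the identifier used in your marketplace.
BLOCKLIST = {
    ("nrwl", "angular-console"): {"18.95.0"},
}


def read_manifest(ext_dir: Path):
    """Return (publisher, name, version) from an extension's package.json, or None."""
    manifest = ext_dir / "package.json"
    if not manifest.is_file():
        return None
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        # Unreadable or malformed manifest: skip rather than crash the audit.
        return None
    publisher, name, version = data.get("publisher"), data.get("name"), data.get("version")
    if not (publisher and name and version):
        return None
    return publisher, name, version


def find_flagged_extensions(ext_root, blocklist=BLOCKLIST):
    """List installed extensions whose (publisher, name, version) is on the blocklist."""
    flagged = []
    root = Path(ext_root)
    if not root.is_dir():
        return flagged
    for ext_dir in sorted(root.iterdir()):
        if not ext_dir.is_dir():
            continue
        info = read_manifest(ext_dir)
        if info is None:
            continue
        publisher, name, version = info
        if version in blocklist.get((publisher, name), set()):
            flagged.append({
                "id": f"{publisher}.{name}",
                "version": version,
                "path": str(ext_dir),
            })
    return flagged


def default_extensions_root() -> Path:
    """Default per-user extensions directory for VS Code on Linux/macOS/Windows."""
    return Path.home() / ".vscode" / "extensions"


def build_sample_extensions_dir() -> Path:
    """Constructed sample data (not real installs): one blocklisted and two benign extensions.

    The benign versions are placeholders made up for this example.
    """
    root = Path(tempfile.mkdtemp(prefix="vscode-ext-audit-"))
    samples = [
        ("nrwl", "angular-console", "18.95.0"),   # matches the blocklist
        ("nrwl", "angular-console", "18.94.0"),   # placeholder older version, not flagged
        ("ms-python", "python", "2024.0.0"),      # placeholder version, not flagged
    ]
    for publisher, name, version in samples:
        ext_dir = root / f"{publisher}.{name}-{version}"
        ext_dir.mkdir()
        manifest = {"publisher": publisher, "name": name, "version": version}
        (ext_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Run against the constructed sample first, then against the real per-user directory.
    sample_root = build_sample_extensions_dir()
    print("sample audit:", find_flagged_extensions(sample_root))
    print("local audit: ", find_flagged_extensions(default_extensions_root()))
```

A match only tells you the poisoned build was installed; given that the article says the payload went after npm, AWS, Kubernetes, GitHub, Google Cloud and Docker credentials, a hit should feed straight into a rotation checklist for that developer rather than end with uninstalling the extension.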

Payload targeted developer credentials and cloud secrets

GitHub says the malicious extension focused on stealing secrets and developer credentials.

The payload reportedly targeted credentials tied to npm, AWS, Kubernetes, GitHub, Google Cloud, and Docker environments. These kinds of credentials can help attackers move laterally across software pipelines and cloud infrastructure.

GitHub says it rotated critical secrets on Monday and Tuesday, prioritizing the credentials with the highest potential impact first.

The company added that investigators are still reviewing logs, validating credential rotation, and monitoring for additional malicious activity connected to the breach.

Attackers claim access to GitHub source code

TeamPCP claimed it gained access to GitHub source code and around 4,000 private repositories. The group later advertised the allegedly stolen data on the Breached cybercrime forum.

GitHub has not confirmed the full scope of the attackers’ claims.

The incident highlights how modern supply-chain attacks increasingly target developer tooling, extensions, and CI/CD workflows instead of directly attacking end users.

In related security news, Microsoft recently warned about threat groups targeting Microsoft 365 and Azure environments to steal sensitive data. The company also acknowledged the YellowKey exploit and says it is working on mitigations.
