https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w
GitHub has confirmed that an employee device was compromised via a poisoned Microsoft Visual Studio Code extension, resulting in the exfiltration of approximately 3,800 internal repositories. The threat actor behind the breach is TeamPCP, the same group responsible for the self-replicating Mini Shai-Hulud supply chain campaign that has claimed Grafana Labs and has been connected to the TanStack npm attack in recent weeks. TeamPCP subsequently listed the stolen repositories for sale on a cybercrime forum for a minimum of 50,000, with LAPSUS later joining the listing in a joint offer priced at $95,000. GitHub has stated that its current investigation finds no evidence of impact to customer data stored outside its internal repositories, including customer enterprises, organisations and their own repositories, and has rotated critical credentials as a priority containment measure.
The technical depth of the Mini Shai-Hulud campaign is considerable and continues to expand. Researchers have now identified that TeamPCP has also compromised the durabletask PyPI package (an official Microsoft Python client for the Durable Task workflow framework), with three malicious versions published to the Python Package Index. The malicious payload functions as a self-propagating infostealer targeting Linux systems, capable of harvesting credentials from major cloud providers, password managers including 1Password and Bitwarden, SSH keys, Docker credentials, VPN configurations, and HashiCorp Vault secrets. Once inside an AWS environment, the malware propagates itself laterally to other EC2 instances using AWS Systems Manager, and similarly uses kubectl to spread across Kubernetes clusters. The durabletask package records approximately 417,000 downloads per month, and the malicious code executes automatically the moment the package is imported, with no indicator of compromise visible to the end user.
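The Systems Manager propagation described above leaves a distinctive trace: one principal issuing Run Command invocations to many instances in quick succession. The following is an added detection example, not code from the advisory or from the durabletask project; it assumes the spread uses the SSM SendCommand API and that the events are CloudTrail records, and the account id, role name and instance ids in the sample are constructed.

```python
# Added detection example (not code from the advisory or the durabletask project):
# flag one principal issuing SSM SendCommand to many distinct EC2 instances in a
# short window, the fan-out that SSM-driven self-propagation leaves in CloudTrail.
# Field names follow CloudTrail's record format; the events, account id and
# instance ids below are constructed for the example, not real telemetry.
from collections import defaultdict
from datetime import datetime, timedelta

ROLE = "arn:aws:sts::111122223333:assumed-role/app-role/i-0aaa"  # constructed
ADMIN = "arn:aws:iam::111122223333:user/patch-admin"             # constructed
SAMPLE_EVENTS = [
    {"eventTime": "2026-03-30T10:00:01Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "userIdentity": {"arn": ROLE},
     "requestParameters": {"instanceIds": ["i-0bbb", "i-0ccc"]}},
    {"eventTime": "2026-03-30T10:00:20Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "userIdentity": {"arn": ROLE},
     "requestParameters": {"instanceIds": ["i-0ddd", "i-0eee"]}},
    {"eventTime": "2026-03-30T11:15:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "userIdentity": {"arn": ADMIN},
     "requestParameters": {"instanceIds": ["i-0fff"]}},
    {"eventTime": "2026-03-30T11:16:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"arn": ADMIN},
     "requestParameters": {}},
]


def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def ssm_fanout(events, window=timedelta(minutes=5), min_targets=3):
    """Return {principal_arn: sorted instance ids} for every principal that sent
    SendCommand to at least min_targets distinct instances within one window."""
    sends = defaultdict(list)  # principal arn -> [(time, instance id), ...]
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") != "SendCommand":
            continue  # only Run Command invocations matter here
        ts = _parse_time(ev["eventTime"])
        for iid in (ev.get("requestParameters") or {}).get("instanceIds", []):
            sends[ev["userIdentity"]["arn"]].append((ts, iid))
    hits = {}
    for arn, pairs in sends.items():
        pairs.sort()
        for i, (start, _) in enumerate(pairs):  # slide a window from each send
            targets = {iid for ts, iid in pairs[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                hits[arn] = sorted(targets)
                break
    return hits
```

Feed it real CloudTrail by loading each record's JSON into the list, and tune `window` and `min_targets` to the account's normal Run Command volume; an instance role (an `assumed-role/.../i-...` ARN) fanning out to other instances is the case worth alerting on first.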