The TanStack npm Supply-Chain Attack
The recent TanStack npm supply-chain attack resulted from a malicious version of the Nx Console Visual Studio Code (VS Code) extension and compromised 3,800 internal GitHub repositories.
Breach Details
The compromised extension, Nx Console 18.95.0, was available on the Visual Studio Marketplace for approximately 18 minutes before being removed.
Culprit Group
The breach is attributed to the TeamPCP threat group, known for significant supply-chain attacks on developer code platforms, including PyPI, npm, and Docker.
Malicious Activity
The compromised extension deployed a malicious payload capable of stealing credentials and secrets for various platforms, including npm, AWS, Kubernetes, GitHub, and Google Cloud Platform (GCP)/Docker.
GitHub Response
GitHub reported that the breach occurred when an employee installed a malicious Visual Studio Code extension, but did not disclose the extension's name.
Threat Group Demands
The TeamPCP threat group has claimed access to GitHub source code and approximately 4,000 private code repositories, demanding at least $50,000 in exchange for the stolen data.
Supply Chain Concerns
This development highlights the growing concern of supply-chain attacks on software development platforms and emphasizes the importance of robust security measures to prevent such breaches.
Related Developments
Several malicious Visual Studio Code extensions with millions of installations have been discovered, including those used to steal developer credentials and deploy cryptocurrency miners.
Security Measures
These findings underscore the need for regular security audits and updates to ensure the integrity of software development ecosystems.
GitHub Statistics
GitHub’s cloud-based platform serves over 4 million organizations and 180 million developers, who contribute to more than 420 million code repositories.
