Technology

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

1 4 minutes read
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
GitHub confirms 3800 internal repos stolen through poisoned VS Code.png

The recent GitHub breach has sent shockwaves through the tech community, with a poisoned VS Code extension giving attackers access to thousands of internal repositories. The threat group responsible, TeamPCP, also known as UNC6780, is now selling the stolen repositories for a starting price of $50,000. This breach is just one in a series of supply chain attacks orchestrated by TeamPCP, with at least seven waves identified since March.

GitHub has confirmed the breach and named the attack vector as a poisoned VS Code extension installed on an employee’s device. While critical secrets were rotated overnight, the blast radius of the breach continues to expand. The stolen repositories contain sensitive information such as infrastructure configurations and deployment scripts, posing a significant risk to GitHub and its users.

In a separate incident, a new wave of the Mini Shai-Hulud worm introduced provenance forgery, with malicious npm packages forging valid cryptographic certificates. This wave affected over 600 packages in the @antv ecosystem, highlighting the increasing sophistication of supply chain attacks. TeamPCP’s open-sourcing of the Shai-Hulud worm code has led to copycat variants, further complicating attribution.

On the same day as the GitHub breach, threat actors compromised the GitHub Actions workflow actions-cool/issues-helper, redirecting existing tags to imposter commits that exfiltrate credentials from CI/CD pipelines. This attack was tied to the @antv wave, showcasing the interconnected nature of supply chain attacks.

Furthermore, TeamPCP targeted Microsoft’s durabletask Python SDK on PyPI, publishing three malicious versions within a short window. The attacker exploited a compromised GitHub account to access the SDK repository and push the infected releases. This attack highlights the vulnerability of even well-established tech companies to supply chain attacks.

The GitHub breach and related incidents underscore the growing threat of supply chain attacks in the tech industry. As threat actors become more sophisticated in their tactics, companies must remain vigilant and prioritize security measures to protect their assets and users from potential breaches. PyPI, the Python Package Index, recently took the bold step of quarantining all three versions of the durabletask package after StepSecurity’s analysis uncovered a malicious payload within it. The payload, a 28 KB dropper named rope.pyz, was found to be stealing credentials from various cloud services such as AWS, Azure, GCP, Kubernetes, and over 90 developer tool configurations. Once the credentials are stolen, the payload is designed to spread laterally through cloud infrastructure. Interestingly, the payload specifically avoids systems with a Russian locale, indicating a targeted attack.

The durabletask package, which has been averaging over 400,000 monthly downloads, was found to be the carrier of this malicious payload. This discovery raises concerns about the security of packages hosted on PyPI and the potential risks that developers face when using third-party libraries.

In a related incident, VS Code extensions have also come under scrutiny after attackers compromised the Nx Console VS Code extension, which had been installed over 2.2 million times. The malicious version of the extension was found to harvest tokens from various platforms, including GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password. The attack specifically targeted Claude Code configuration files, posing a significant threat to developers who had unknowingly installed the compromised extension. This incident highlights the vulnerabilities that exist in popular development tools and the risks associated with using third-party extensions.

Furthermore, the use of AI coding agents has also raised security concerns, as researchers discovered that trust dialogs were being treated as features rather than security events. Adversa AI’s TrustFall research revealed that certain coding agents could auto-approve and launch malicious servers without requiring explicit user authorization. This lack of oversight could potentially lead to unauthorized access and data breaches, highlighting the importance of implementing robust security measures in AI-powered tools.

In another concerning development, PR comments were found to be exploited as agent instructions, allowing malicious actors to execute unauthorized commands through legitimate API calls. This vulnerability, classified as critical with a CVSS score of 9.4, underscores the need for organizations to closely monitor and secure their development pipelines to prevent unauthorized access and data breaches.

Overall, these incidents serve as a stark reminder of the evolving threat landscape faced by developers and the critical need for stringent security measures in place to protect sensitive data and infrastructure. As malicious actors continue to exploit vulnerabilities in popular development tools and platforms, developers must remain vigilant and proactive in securing their systems to prevent potential security breaches. In a recent interview with VentureBeat, Kayne McGladrey, a distinguished IEEE Senior Member, raised concerns about the use of cloned human user profiles for agents within organizations. According to McGladrey, this practice often leads to permission sprawl from the very beginning.

McGladrey pointed out that many compliance frameworks used by enterprises were originally designed with human users in mind. As a result, agent identities, which are increasingly being utilized within organizations, are not adequately addressed in these control catalogs.

The use of cloned human user profiles for agents can lead to a number of issues, including security vulnerabilities and compliance violations. Without specific guidelines for managing agent identities, organizations may struggle to effectively monitor and control access to sensitive information.

To address these challenges, organizations need to develop new strategies for managing agent identities. This may involve creating separate control catalogs specifically tailored to the needs of agents, as well as implementing more robust monitoring and access control mechanisms.

By recognizing the unique challenges posed by agent identities and taking proactive steps to address them, organizations can better protect their data and ensure compliance with regulatory requirements. McGladrey’s insights serve as a valuable reminder of the importance of staying ahead of evolving technology trends in order to maintain a secure and compliant environment.

Tags
1 4 minutes read

Related Articles

If Apple Makes an iPad Neo, it’s Over for Android

If Apple Makes an iPad Neo, it’s Over for Android

8 hours ago
Google Announces Android 17 Handoff Feature Continue On

Google Announces Android 17 Handoff Feature Continue On

14 hours ago
These Secret Netflix Codes Let You Find Hidden Films and Series

These Secret Netflix Codes Let You Find Hidden Films and Series

20 hours ago
Samsung and Google Gemini Smart Glasses Announced

Samsung and Google Gemini Smart Glasses Announced

1 day ago
Back to top button