GitHub internal repositories breached
Summary
A malicious VS Code extension has been discovered that allowed attackers to clone private GitHub repositories. The compromised repositories were reportedly offered for sale on a criminal forum, highlighting a significant supply chain security risk.
IFF Assessment
FOE
The compromise of private repositories and their potential sale on criminal forums represents a serious threat to organizations' intellectual property and sensitive data.
Defender Context
This incident underscores the critical importance of vetting extensions and plugins used in development environments, especially those that have access to source code. Defenders should implement strict policies around software supply chain security, including code scanning and vulnerability management for third-party components.
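One way to enforce the extension vetting described above is to audit installed VS Code extensions against an approved list. This is an added example, not code from the original brief. The allowlist format, the function names and the sample manifests are assumptions constructed for illustration; on a workstation, point `audit_extensions` at the per-user extensions folder (by default `~/.vscode/extensions`).

```python
import json
import tempfile
from pathlib import Path

# Activation events that load an extension without any user action.
EAGER_EVENTS = {"*", "onStartupFinished"}

def audit_extensions(ext_dir, allowlist):
    """Return (extension, issue) findings for each manifest under ext_dir.

    allowlist (assumed format) maps lowercase "publisher.name" to approved versions.
    """
    findings = []
    for manifest in sorted(Path(ext_dir).glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            ext_id = f'{meta["publisher"]}.{meta["name"]}'.lower()
            version = meta["version"]
        except (OSError, ValueError, KeyError, TypeError):
            # A manifest that cannot be parsed cannot be vetted: report it.
            findings.append((manifest.parent.name, "unreadable-manifest"))
            continue
        if ext_id not in allowlist:
            findings.append((ext_id, "not-approved"))
        elif version not in allowlist[ext_id]:
            findings.append((ext_id, f"unapproved-version:{version}"))
        if EAGER_EVENTS & set(meta.get("activationEvents") or []):
            findings.append((ext_id, "activates-at-startup"))
    return findings

def build_sample(root):
    """Write constructed manifests (all names invented) into root."""
    manifests = {
        "acme.linter-1.2.0": '{"publisher": "acme", "name": "linter", "version": "1.2.0"}',
        "acme.theme-2.0.0": '{"publisher": "acme", "name": "theme", "version": "2.0.0"}',
        "unknown.helper-0.0.1": '{"publisher": "unknown", "name": "helper", '
                                '"version": "0.0.1", "activationEvents": ["*"]}',
        "broken-0.0.0": "{",
    }
    for folder, text in manifests.items():
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "package.json").write_text(text, encoding="utf-8")

SAMPLE_ALLOWLIST = {"acme.linter": {"1.2.0"}, "acme.theme": {"1.9.0"}}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for ext_id, issue in audit_extensions(tmp, SAMPLE_ALLOWLIST):
            print(f"{ext_id}: {issue}")
```

Pinning approved versions as well as names matters because an extension that was approved once can ship a later update that has not been reviewed.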