# GitHub Probes Massive Repo Theft as New Worm Hits Microsoft Package

*Wednesday, May 20, 2026 at 6:09 AM UTC — Hamer Intelligence Services Desk*

**Published**: 2026-05-20T06:09:35.932Z
**Category**: cyber | **Region**: Global
**Importance**: 8/10
**Sources**: OSINT
**Permalink**: https://hamerintel.com/data/articles/4618.md
**Source**: https://hamerintel.com/summaries

---

**Deck**: By 04:06–04:13 UTC on 20 May, cybersecurity reports indicated that threat group TeamPCP claims to have stolen about 4,000 internal GitHub repositories and is offering them for sale. At the same time, a related Mini Shai‑Hulud worm compromised Microsoft’s durabletask PyPI package, while Grafana disclosed that attackers accessed its GitHub source code via an exposed workflow token.

## Key Takeaways
- Around 04:06 UTC on 20 May, GitHub began investigating claims by group TeamPCP that some 4,000 internal repositories were exfiltrated and are being sold.
- The same cluster of activity includes the Mini Shai‑Hulud worm infecting Microsoft’s durabletask PyPI package (Linux‑only infostealer) and using AWS Systems Manager and Kubernetes for lateral spread.
- By about 04:13 UTC, Grafana confirmed that attackers accessed its GitHub source code and internal repositories via an exposed workflow token, linked to a broader npm supply‑chain attack.
- The incidents underscore escalating risks to software supply chains and CI/CD systems central to global development workflows.

In the early hours of 20 May 2026, between roughly 04:06 and 04:13 UTC, multiple high‑impact cybersecurity incidents converged around the software development ecosystem, with potential ramifications for organizations worldwide. Threat actor group TeamPCP publicly claimed to have stolen approximately 4,000 internal repositories from GitHub and to be offering them for sale for more than US$50,000. GitHub has initiated an investigation into the veracity and scope of the breach.

Concurrently, TeamPCP’s Mini Shai‑Hulud worm was identified infecting Microsoft’s durabletask package on the Python Package Index (PyPI), specifically versions 1.4.1 through 1.4.3. The malware is characterized as a Linux‑only information stealer capable of harvesting credentials and secrets, with a propagation mechanism leveraging AWS Systems Manager (SSM) and Kubernetes environments to move laterally and compromise additional systems.

Adding to the picture, the software firm Grafana disclosed around 04:13 UTC that attackers had accessed its GitHub‑hosted source code and internal repositories. The compromise occurred after a workflow token—used in continuous integration and deployment (CI/CD) processes—was inadvertently left exposed during an earlier supply‑chain attack involving the TanStack npm ecosystem. Grafana reported that it had rejected ransom demands and is conducting a forensic review.

The principal actors in this unfolding scenario are the threat group TeamPCP, GitHub as a central code hosting and collaboration platform, and major software vendors like Microsoft and Grafana whose projects sit at the heart of countless enterprise and open‑source deployments. Cloud providers and orchestrators—AWS and Kubernetes—inadvertently feature as propagation mechanisms exploited by the malware.

The incidents collectively highlight acute systemic vulnerabilities in modern software supply chains. CI/CD tokens and automation workflows, when mishandled or inadequately protected, offer attackers powerful privileges across repositories and build pipelines. Compromised packages on registries like PyPI or npm allow adversaries to insert malicious code into downstream applications at scale, often before defenders detect anomalies.

If TeamPCP’s claim of 4,000 stolen repositories is substantiated, the implications could be far‑reaching. Proprietary source code, configuration files, and embedded secrets harvested from such repos can enable follow‑on intrusions, intellectual property theft, or the crafting of highly tailored exploits. Even if no zero‑day vulnerabilities are exposed, knowledge of internal system architectures substantially lowers the cost and time required for future attacks.

For Microsoft and Grafana users, the immediate concern is whether compromised packages or repos have already been incorporated into production systems, particularly in sensitive environments like financial services, healthcare, and critical infrastructure. The Mini Shai‑Hulud worm’s use of AWS SSM and Kubernetes suggests it targets organizations with mature cloud and container adoption—often those running large‑scale, mission‑critical workloads.

## Outlook & Way Forward

In the near term, incident response will focus on containment, forensics, and remediation. Affected organizations and users are being advised to rotate secrets, invalidate and regenerate tokens used in GitHub and CI/CD pipelines, and conduct deep scans of repositories and deployments for indicators of compromise. Package managers will likely see a surge of audits and version locks as security teams try to prevent automatic pulls of tainted versions.
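One defender-side check implied by the remediation advice above, as an added example that is not from the report or from any vendor it names: a small Python scanner that flags exact pins of the reported durabletask 1.4.1 through 1.4.3 range in a requirements file or pip freeze output, and also flags references to the package that carry no exact pin, since those are what an automatic pull could resolve into a tainted release. It assumes a simplified requirements grammar (no extras, hash options or environment markers) and runs on a constructed sample file.

```python
import itertools
import re
# Package and inclusive version range named in the report (durabletask 1.4.1 through 1.4.3).
AFFECTED_PACKAGE = "durabletask"
AFFECTED_RANGE = ((1, 4, 1), (1, 4, 3))

# Exact pins like "name==1.2.3" from pip freeze output or a requirements file (assumption:
# simplified grammar with no extras, hash options or environment markers).
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")

def parse_version(text):
    """'1.4.2' or '1.4.2rc1' -> (1, 4, 2): numeric prefix of each piece, stopping at a non-numeric one."""
    matches = itertools.takewhile(bool, (re.match(r"\d+", p) for p in text.split(".")))
    return tuple(int(m.group()) for m in matches)

def is_affected(name, version):
    """True when name is the reported package (pip-style normalized) and version is in range."""
    if name.lower().replace("_", "-") != AFFECTED_PACKAGE:
        return False
    return AFFECTED_RANGE[0] <= parse_version(version) <= AFFECTED_RANGE[1]

def scan_requirements(lines):
    """Return (tainted_pins, floating_refs): pins of a tainted release, and unpinned references."""
    tainted, floating = [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line or line.startswith("-"):  # skip blanks and pip options (-r, --index-url)
            continue
        pin = _PIN_RE.match(line)
        if pin:
            if is_affected(pin.group(1), pin.group(2)):
                tainted.append((lineno, pin.group(1), pin.group(2)))
            continue
        name = _NAME_RE.match(line)           # no exact pin: a fresh install could float into the range
        if name and name.group().lower().replace("_", "-") == AFFECTED_PACKAGE:
            floating.append((lineno, line))
    return tainted, floating
# Constructed sample (not from any real project): one tainted pin and one floating spec.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
durabletask==1.4.2   # Durable Functions worker
Durabletask>=1.3     # no lock: the resolver may pick a tainted release
grafana-client==4.0.0
"""

if __name__ == "__main__":
    tainted, floating = scan_requirements(SAMPLE_REQUIREMENTS.splitlines())
    print("tainted pins:", tainted)     # → [(2, 'durabletask', '1.4.2')]
    print("floating refs:", floating)   # → [(3, 'Durabletask>=1.3')]
```

Run it against `pip freeze` output from each environment as well as checked-in requirements files, since a clean lockfile says nothing about what is already installed on a build host.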

Over the medium term, this cluster of events is likely to accelerate a broader shift in software security practices. Expect increased adoption of least‑privilege token design, short‑lived credentials for CI/CD, and wider use of software bills of materials (SBOMs) to track dependencies. GitHub and other platforms may introduce stricter defaults for repository access, token management, and automated scanning, as well as enhanced detection for anomalous pull and push patterns indicative of mass exfiltration.

Strategically, the incidents reinforce that supply‑chain and platform‑level compromises are among the most leveraged vectors for state‑sponsored and financially motivated actors. Analysts should monitor: confirmation of the scale and nature of the alleged GitHub repo theft; disclosures from impacted organizations whose source code may have been accessed; and any evidence connecting TeamPCP’s operations to larger campaigns. As more organizations centralize development and deployment workflows on a small number of cloud‑based platforms, such platforms become high‑value targets whose security posture effectively shapes risk across entire sectors.
