- OpenAI confirmed that two employees’ devices were affected by TanStack ‘Mini Shai‑Hulud’ supply chain attack
- Malware exfiltrated a limited number of identifying documents from internal code repositories; no customer data or IP affected
- OpenAI revoked sessions, rotated credentials, and rotated code signing certificates; macOS users need to update apps, Windows/iOS are not affected
OpenAI confirmed that two employees’ devices were affected by the recent TanStack supply chain attack, but stressed that the incident left virtually no mark on its operations.
A threat actor known as TeamPCP recently launched the “Mini Shai-Hulud” supply chain attack, in which 84 versions of the TanStack npm package were compromised and used to distribute malware.
The malware distributed by TeamPCP was designed to harvest developer credentials, cloud secrets, and SSH keys. It is probably called “Mini Shai-Hulud” because it self-propagates through the ecosystem, like the earlier Shai-Hulud worm. The name comes from the gigantic sandworms of the Dune novels.
Confirmation of the attack
Today, OpenAI confirmed that two employee devices in its corporate environment were affected.
“We observed activity consistent with publicly described malware behavior, including unauthorized access and credential-driven exfiltration activity, in a limited subset of internal source code repositories that the two affected employees had access to,” OpenAI said in a blog post.
“We have confirmed that only a limited number of identifying documents were successfully exfiltrated from these code repositories and that no other information or code was impacted.”
In response to the incident, OpenAI isolated affected systems and identities, revoked user sessions, and rotated all credentials. The company has also temporarily restricted code deployment flows, but so far there is no indication that customer data or intellectual property has been affected. There is also no evidence of misuse of credentials or subsequent access.
The affected source code repositories included signing certificates for OpenAI products on iOS, macOS, and Windows, forcing the company to rotate its code signing certificates as a precaution. As a result, macOS users will need to update their apps. Windows and iOS app users don’t need to do anything.
TanStack is a collection of free software tools that help developers manage data and create user interfaces for websites and applications. Across its library ecosystem, TanStack has been downloaded more than four billion times. The total ecosystem currently receives over 177 million downloads per week.
Via BleepingComputer