- OpenAI confirmed that two employees’ devices were affected in the TanStack “Mini Shai-Hulud” supply chain attack
- Malware exfiltrated limited credential material from internal code repositories; no customer data or IP affected
- OpenAI revoked sessions, rotated credentials and signing certificates; macOS users must update apps, Windows/iOS are unaffected
OpenAI has confirmed that two employee units were affected by the recent TanStack supply chain attack, but emphasized that the incident had little to no impact on operations.
A threat actor known as TeamPCP recently launched the “Mini Shai-Hulud” supply chain attack where 84 versions of the TanStack npm package were compromised and used to distribute malware.
The malware TeamPCP smuggled through was designed to harvest developer credentials, cloud secrets, and SSH keys. It’s probably called “Mini Shai-Hulud” because it self-propagates across the ecosystem, just like the previous Shai-Hulud worm did. The name comes from the giant worms in the Dune novels.
Confirmation of the attack
Now OpenAI has confirmed that two employee devices in the company’s environment were affected.
“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories accessed by the two affected employees,” OpenAI said in a blog post.
“We confirmed that only limited credential material was exfiltrated from these code stores and that no other information or code was affected.”
In response to the incident, OpenAI isolated affected systems and identities, revoked user sessions, and rotated all credentials. The company also temporarily restricted code implementation workflows, but so far there has been no evidence that customer data or intellectual property was affected. There is also no evidence of misuse of credentials or subsequent access.
The affected source code repositories included signing certificates for OpenAI products, including iOS, macOS and Windows, forcing the company to rotate code signing certificates as a precaution. As a result, macOS users will need to update their applications. Windows and iOS app users are not required to do anything.
TanStack is a collection of free software tools that help developers manage data and build user interfaces for websites and applications. Across its ecosystem of libraries, TanStack has been downloaded more than four billion times. The total ecosystem currently receives more than 177 million downloads per week.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
