- OpenAI confirmed two employee devices were impacted in the TanStack “Mini Shai‑Hulud” supply chain attack
- Malware exfiltrated limited credential material from internal code repositories; no customer data or IP affected
- OpenAI revoked sessions, rotated credentials and signing certificates; macOS users must update apps, Windows/iOS unaffected
OpenAI has confirmed two employee devices were affected by the recent TanStack supply chain attack, but stressed the incident left almost no mark on its operations.
A threat actor known as TeamPCP recently launched the “Mini Shai-Hulud” supply chain attack, in which 84 versions of the TanStack npm package were compromised and used to distribute malware.
The malware TeamPCP smuggled through was designed to harvest developer credentials, cloud secrets, and SSH keys. It is likely called “Mini Shai-Hulud” because it self-propagates across the ecosystem, similar to how the previous Shai-Hulud worm did. The name comes from the gigantic worms in the Dune novels.
Confirming the attack
Now, OpenAI has confirmed two employee devices in its corporate environment were impacted.
“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI said in a blog post.
“We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”
In response to the incident, OpenAI isolated impacted systems and identities, revoked user sessions, and rotated all credentials. The company also temporarily restricted code-deployment workflows but so far, there’s been no evidence that customer data, or intellectual property, had been impacted. There is also no evidence of credential misuse or follow-on access.
The impacted source code repositories included signing certificates for OpenAI products, including iOS, macOS, and Windows, which forced the company to rotate code-signing certificates as a precaution. As a result, macOS users will need to update their applications. Windows and iOS app users are not required to do anything.
TanStack is a collection of free software tools that help developers manage data and build user interfaces for websites and applications. Across its ecosystem of libraries, TanStack has been downloaded more than four billion times. The total ecosystem currently gets more than 177 million downloads a week.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
