TeamPCP Hackers Extort Mistral AI Following Supply-Chain Breach

The hacker group known as TeamPCP is currently attempting to sell approximately 450 repositories allegedly stolen from Mistral AI, demanding a $25,000 payment to prevent the data from being leaked publicly. The threat actors claim the stolen cache contains 5 gigabytes of internal source code, including materials related to model training, fine-tuning, benchmarking, and inference BleepingComputer.

The breach originated from the "Mini Shai-Hulud" software supply-chain attack, which utilized stolen CI/CD credentials and legitimate workflows to compromise official packages from TanStack and Mistral AI. This campaign had a broad reach, impacting hundreds of projects across the npm and PyPI registries, including software from UiPath, Guardrails AI, and OpenSearch BleepingComputer.

Mistral AI confirmed that the attackers managed to contaminate some of its software development kit (SDK) packages for a short period. According to the company, the initial compromise occurred after a developer's device was infected via the TanStack supply-chain attack. However, Mistral maintains that the incident was contained, stating that its core code repositories, hosted services, managed user data, and research environments remained secure BleepingComputer.

The fallout from the Mini Shai-Hulud attack also reached OpenAI, which confirmed that two employees with access to a limited subset of internal repositories were affected. OpenAI reported that a small set of credentials was stolen during the incident, though there is no evidence they were used for further malicious activity. In response, OpenAI has rotated the compromised code-signing certificates and issued a mandatory update for its macOS desktop application, warning users that failure to update by June 12 may result in the software failing to launch BleepingComputer.

TeamPCP has stated that if a buyer is not found for the Mistral AI data within one week, they intend to release the repositories for free on hacker forums. The group is currently open to negotiations regarding the $25,000 asking price BleepingComputer.

This incident highlights the escalating risks associated with supply-chain attacks targeting developer environments and CI/CD pipelines. By compromising trusted packages, threat actors can bypass traditional perimeter defenses to gain access to sensitive internal codebases. As organizations increasingly rely on third-party libraries and interconnected development workflows, the potential for widespread, cascading security failures continues to grow, necessitating more rigorous verification of software dependencies and developer workstation security.

The SANS Internet Storm Center reports that the TeamPCP campaign escalated sharply in the week ending May 24, 2026, with three parallel supply-chain waves. A trojanized Nx Console VS Code extension (v18.95.0) exfiltrated approximately 3,800 GitHub-internal repositories, with downstream victims including OpenAI, Grafana Labs, and Mistral AI. Separately, Microsoft's durabletask Python SDK on PyPI (versions 1.4.1–1.4.3, ~417K monthly downloads) was trojanized and carried a Linux disk wiper, while a third wave pushed 639 malicious npm package versions across 323 packages, including echarts-for-react and size-sensor. Operator credentials trace back to the TanStack OIDC abuse (CVE-2026-45321), confirming the campaign's multi-stage nature.

The SANS Internet Storm Center report adds that the TeamPCP campaign escalated further in the same week with a trojanized Microsoft-published Python SDK (durabletask, versions 1.4.1–1.4.3) on PyPI carrying a Linux disk wiper, and a third Mini Shai-Hulud wave of 639 malicious packages across the @antv npm ecosystem, including echarts-for-react (~1.1M weekly downloads). The report also confirms that the Nx Console VS Code extension breach of GitHub's internal CI/CD exfiltrated approximately 3,800 repositories, with OpenAI, Grafana Labs, and Mistral AI named as downstream victims.