Sell the source code is promised only to one buyer. Do you think they'll keep your word?
The hacker group TeamPCP put up for sale data that, according to it, belong to the Mistral AI projects. The story began not with a high-profile attack on the platform itself, but with infected packages and stolen credentials for development processes. Now the attackers are trying to turn the incident into extortion and threaten to publish materials for free if they do not find a buyer.
On one of the hacker forums, TeamPCP requested $25 000 for a set of almost 450 repositories. The Group states that it has received about 5 GB of internal repositories and source code related to the training, finishing, testing, delivery of models and experimental projects of Mistral AI. At the same time, the attackers are ready to bargain and promise to sell the archive to only one buyer.
Mistral AI confirmed to BleepingComputer that after the attack on the supply chain of Mini Shai-Huud, the attackers gained access to the code base management system. The incident began with the compromise of the official TanStack and Mistral AI packages through stolen CI/CD accounts and legitimate workflows. The infection then affected hundreds of projects in npm and PyPI, including UiPath, Guardrails AI and OpenSearch.
According to Mistral AI, violators briefly polluted part of the company’s SDK packages. In a previously published notification, the company linked the hack with the developer’s device injured in the attack on TanStack. At the same time, Mistral AI claims that the internal investigation found no signs of access to the main repositories of the code.
The company also said that the placed services, managed user data, as well as research and testing environments, were not affected. Mistral AI calls the affected data not related to the key code database, although TeamPCP’s public statements look like an attempt to increase pressure and increase the price of the stolen archive.
On 13 May, the company reported that the attack on TanStack affected the systems of two employees who had access to a limited part of the internal repositories of the source code. A small set of accounting data was stolen from the repositories, but there were no signs of their further use. OpenAI re-released the disclosed code signature certificates and warned macOS users about the need to update desktop applications until June 12, otherwise the programs may stop running and receive updates.
The hacker group TeamPCP put up for sale data that, according to it, belong to the Mistral AI projects. The story began not with a high-profile attack on the platform itself, but with infected packages and stolen credentials for development processes. Now the attackers are trying to turn the incident into extortion and threaten to publish materials for free if they do not find a buyer.
On one of the hacker forums, TeamPCP requested $25 000 for a set of almost 450 repositories. The Group states that it has received about 5 GB of internal repositories and source code related to the training, finishing, testing, delivery of models and experimental projects of Mistral AI. At the same time, the attackers are ready to bargain and promise to sell the archive to only one buyer.
Mistral AI confirmed to BleepingComputer that after the attack on the supply chain of Mini Shai-Huud, the attackers gained access to the code base management system. The incident began with the compromise of the official TanStack and Mistral AI packages through stolen CI/CD accounts and legitimate workflows. The infection then affected hundreds of projects in npm and PyPI, including UiPath, Guardrails AI and OpenSearch.
According to Mistral AI, violators briefly polluted part of the company’s SDK packages. In a previously published notification, the company linked the hack with the developer’s device injured in the attack on TanStack. At the same time, Mistral AI claims that the internal investigation found no signs of access to the main repositories of the code.
The company also said that the placed services, managed user data, as well as research and testing environments, were not affected. Mistral AI calls the affected data not related to the key code database, although TeamPCP’s public statements look like an attempt to increase pressure and increase the price of the stolen archive.
On 13 May, the company reported that the attack on TanStack affected the systems of two employees who had access to a limited part of the internal repositories of the source code. A small set of accounting data was stolen from the repositories, but there were no signs of their further use. OpenAI re-released the disclosed code signature certificates and warned macOS users about the need to update desktop applications until June 12, otherwise the programs may stop running and receive updates.
