- TeamPCP hackers stole 450 Mistral AI repositories and are auctioning them off on the dark web for ~$25K
- Data includes ~5GB of internal source code for model training, tuning, benchmarking, and delivery.
- The group warned that if no buyers show up soon, they will leak everything for free; Mistral confirmed the SDK contamination but said core systems and user data were not affected
The hackers who recently stole 450 Mistral AI repositories are now offering a large data set to the highest bidder on the dark web, but if a buyer doesn’t appear soon, they will leak everything for free.
Hacker group TeamPCP recently launched a supply chain attack called Mini Shai-Hulud against the TanStack npm package. TanStack is a collection of free software designed for creating user interfaces with over 177 million weekly downloads.
By poisoning the package, TeamPCP managed to distribute information-stealing malware that collected developer credentials, cloud secrets, and SSH keys.
Flexible pricing
In a statement shared with beepcomputerMistral AI confirmed that criminals compromised a codebase management system.
“They contaminated some of our SDK packages for a brief period,” the company said, emphasizing that the affected data was not part of the central code repositories: “Neither our hosted services, managed user data, nor any of our research and testing environments were compromised,” Mistral said.
This didn’t stop TeamPCP from advertising the loot on the dark web for no more than $25,000. They say they stole five gigabytes of “internal repositories and source code” supposedly used for training, tuning, benchmarking, model delivery and inference in experiments and future projects.
The sale is exclusive, which means that only one person will receive the products. TeamPCP also invited Mistral AI to buy it and said that if a buyer is not found within a week, everything will be leaked to the forums for free.
The price of $25,000 is negotiable, they said, and they invited other actors to offer what they consider a reasonable price.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
