Hackers claim sale of Mistral AI source code after supply chain attack
Cybercriminals linked to the TeamPCP group are claiming to sell around 5 gigabytes of alleged internal source code repositories belonging to Mistral AI for $25,000, escalating concerns over a broader software supply chain campaign that recently targeted multiple artificial intelligence and open source projects.
The offer appeared on a hacker forum and included threats to publicly release the data within a week if no buyer emerged. Threat intelligence services flagged the post on May 14, only days after TeamPCP’s “Mini Shai Hulud” operation compromised public SDK packages linked to Mistral AI on the npm and PyPI registries. The attackers claimed the leaked material included roughly 450 repositories associated with the namespaces “mistralai” and “mistral-solutions.”
Repository names listed in the advertisement suggested access to sensitive internal development projects. The alleged cache reportedly included systems connected to model inference, fine-tuning infrastructure, benchmarking tools, cloud deployment environments and chatbot security evaluation frameworks. One repository title referenced a project labeled “pfizer-rfp-2025,” raising additional concerns about potential enterprise or commercial collaborations exposed in the breach.
Cybersecurity intelligence firm VECERT described the incident as a critical threat and warned that exposed repositories could contain hard-coded credentials, API keys and infrastructure secrets. Analysts urged Mistral AI to immediately rotate authentication keys and review all development environments connected to the compromised projects. Independent security researchers, however, have not verified whether the repositories genuinely originate from Mistral AI’s internal systems.
Mistral AI issued a security advisory on May 12 acknowledging that some SDK packages had been compromised during the wider TanStack supply chain attack. The company stated that the breach involved an infected developer device and insisted there was no evidence that its internal infrastructure had been penetrated. According to the company, the malicious npm packages were available for only a short period between May 11 and May 12 before removal.
The broader campaign exposed weaknesses in modern open source software distribution systems. On May 11, TeamPCP launched coordinated attacks against more than 170 packages across npm and PyPI, targeting organizations including UiPath, OpenSearch and Guardrails AI. Investigators said the group exploited vulnerabilities in GitHub Actions workflows to distribute malicious software packages carrying legitimate cryptographic signatures, making them appear authentic to developers.
Security researchers from Palo Alto Networks Unit 42 previously linked TeamPCP to attacks involving Aqua Security’s Trivy scanner and Bitwarden’s CLI package. Researchers at Wiz later found that a flaw in the malware payload prevented credential theft from functioning correctly in some npm packages linked to Mistral AI and UiPath, although Linux systems using the compromised PyPI package remained vulnerable.
Uncertainty continues to surround the authenticity of the alleged repository sale. No public evidence has confirmed whether the hackers possess valuable intellectual property or whether the claims are part of a pressure campaign designed to exploit attention surrounding the recent supply chain compromises.