Mistral AI Targeted: 450 Deposits Threatened by Hackers
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
The hacker group TeamPCP recently claimed to possess 450 private repositories belonging to Mistral AI, a French startup specializing in artificial intelligence. On a cybercriminal forum, the attackers assert that they hold 5 GB of internal archives and are demanding a ransom of $25,000, approximately €21,420. They threaten to publish this data for free if no buyer comes forward within the week.
A spokesperson for Mistral AI confirmed that a temporary breach occurred on May 12, but downplayed its impact. They specified that no customer data, hosted services, or research environments were affected. According to the company, the hackers only accessed repositories deemed non-critical.
Among the files claimed by TeamPCP is a repository titled "pfizer-rfp-2025," which appears to be related to a tender with the American pharmaceutical company Pfizer. Although there is no evidence of a direct compromise of Pfizer, the presence of this file suggests a possible exposure of sensitive business documents related to a major client.
The compromised archives also include files such as mistral-finance-agent.tar.gz, cma-customer-care-internal.tar.gz, and mistral-lawyer-internal.tar.gz. These files cover various sectors such as finance, healthcare, and legal. The hackers provided a snippet of backend code, revealing information about customer management, API subscriptions, billing metrics, and data export features.
The stolen content is divided into three main categories: the technical core including inference, fine-tuning, benchmarks, and experiments; business tools specific to the finance, healthcare, and legal sectors; and identifiable client projects by name.
In its security advisory, Mistral AI linked this incident to a broader attack known as "TanStack," attributed to TeamPCP and its worm "Mini Shai-Hulud." Several contaminated versions of Mistral's SDKs were identified, notably on npm and PyPi, with an exposure window of only 188 minutes, between 10:45 PM UTC on May 11 and 1:53 AM UTC on May 12.
The infected packages carried a valid SLSA level 3 provenance certificate, an unprecedented fact on npm. TeamPCP obtained this signature after hijacking OIDC tokens from TanStack's GitHub Actions pipelines, then republished the packages under the legitimate identity of the maintainers. This means that a malicious binary was signed with the cryptographic signature intended to guarantee its origin.
TeamPCP also implanted its persistence in the hooks of Claude Code (~/.claude/) and in the auto-execution tasks of VS Code (.vscode/tasks.json). A simple npm uninstall command is not enough to remove the code. As long as these hook files remain on the disk, the payload restarts every time a development tool is opened.
Regarding the payload, the package mistralai==2.4.6 downloads a file named transformers.pyz from the IP 83.142.209.194 to /tmp/, then launches a detached background process on Linux. The attackers chose this filename to mimic the Transformers library from Hugging Face, which is ubiquitous in AI environments. The malicious code searches for GitHub, npm, GitLab, and CircleCI tokens, cloud credentials for AWS, GCP, and Azure, Kubernetes and Vault secrets, as well as 1Password and Bitwarden vaults.
In an interview with French Breaches, TeamPCP explained how its operators worked under pressure. "The tokens we retrieved in our campaign propagated malware into their packages. We had to rush to clone the repositories before they were alerted and the keys were revoked," the hackers reported.
Although the demanded sum of $25,000 may seem modest compared to Mistral's valuation, which has raised several billion euros since 2023, this attack highlights the security challenges faced by tech companies. The week announced by TeamPCP for data disclosure expires around May 19 or 20, 2026.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.