Brief IA

Mistral AI Targeted: 450 Deposits Threatened by Hackers

🤖 Models & LLM·Tom Levy·

Mistral AI Targeted: 450 Deposits Threatened by Hackers

Mistral AI Targeted: 450 Deposits Threatened by Hackers
Key Takeaways
1The TeamPCP group claims to have stolen 5 GB of internal data from Mistral AI and demands $25,000 to avoid its publication.
2Mistral AI confirms a limited breach on May 12, with no impact on customer data or critical services.
3The compromised archives include projects related to finance, health, and legal matters, as well as a tender involving Pfizer.
💡Why it mattersThis attack highlights the vulnerabilities of code management systems and the risks for tech companies in the face of cyber threats.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

The hacker group TeamPCP recently claimed to possess 450 private repositories belonging to Mistral AI, a French startup specializing in artificial intelligence. On a cybercriminal forum, the attackers assert that they hold 5 GB of internal archives and are demanding a ransom of $25,000, approximately €21,420. They threaten to publish this data for free if no buyer comes forward within the week.

A spokesperson for Mistral AI confirmed that a temporary breach occurred on May 12, but downplayed its impact. They specified that no customer data, hosted services, or research environments were affected. According to the company, the hackers only accessed repositories deemed non-critical.

Among the files claimed by TeamPCP is a repository titled "pfizer-rfp-2025," which appears to be related to a tender with the American pharmaceutical company Pfizer. Although there is no evidence of a direct compromise of Pfizer, the presence of this file suggests a possible exposure of sensitive business documents related to a major client.

The compromised archives also include files such as mistral-finance-agent.tar.gz, cma-customer-care-internal.tar.gz, and mistral-lawyer-internal.tar.gz. These files cover various sectors such as finance, healthcare, and legal. The hackers provided a snippet of backend code, revealing information about customer management, API subscriptions, billing metrics, and data export features.

The stolen content is divided into three main categories: the technical core including inference, fine-tuning, benchmarks, and experiments; business tools specific to the finance, healthcare, and legal sectors; and identifiable client projects by name.

In its security advisory, Mistral AI linked this incident to a broader attack known as "TanStack," attributed to TeamPCP and its worm "Mini Shai-Hulud." Several contaminated versions of Mistral's SDKs were identified, notably on npm and PyPi, with an exposure window of only 188 minutes, between 10:45 PM UTC on May 11 and 1:53 AM UTC on May 12.

The infected packages carried a valid SLSA level 3 provenance certificate, an unprecedented fact on npm. TeamPCP obtained this signature after hijacking OIDC tokens from TanStack's GitHub Actions pipelines, then republished the packages under the legitimate identity of the maintainers. This means that a malicious binary was signed with the cryptographic signature intended to guarantee its origin.

TeamPCP also implanted its persistence in the hooks of Claude Code (~/.claude/) and in the auto-execution tasks of VS Code (.vscode/tasks.json). A simple npm uninstall command is not enough to remove the code. As long as these hook files remain on the disk, the payload restarts every time a development tool is opened.

Regarding the payload, the package mistralai==2.4.6 downloads a file named transformers.pyz from the IP 83.142.209.194 to /tmp/, then launches a detached background process on Linux. The attackers chose this filename to mimic the Transformers library from Hugging Face, which is ubiquitous in AI environments. The malicious code searches for GitHub, npm, GitLab, and CircleCI tokens, cloud credentials for AWS, GCP, and Azure, Kubernetes and Vault secrets, as well as 1Password and Bitwarden vaults.

In an interview with French Breaches, TeamPCP explained how its operators worked under pressure. "The tokens we retrieved in our campaign propagated malware into their packages. We had to rush to clone the repositories before they were alerted and the keys were revoked," the hackers reported.

Although the demanded sum of $25,000 may seem modest compared to Mistral's valuation, which has raised several billion euros since 2023, this attack highlights the security challenges faced by tech companies. The week announced by TeamPCP for data disclosure expires around May 19 or 20, 2026.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.