Almost certainly a foreign government, or at least state sponsored.

Lol, the “big news” is an infected VScode extension with 4k users stealing 3k github credentials…

I wonder who made the list of “don’t touch these repos, they’re propping up our proprietary software sans attribution” for the LLM injectabots to avoid.

I realize that the end game here is SUPPOSED to be “erode all trust in free software” but the ineptitude of those profiting off of proprietary software is such that they WILL fuck this up in such a way that it hurts themselves too, it’s just a matter of when.