TeamPCP’s Supply Chain Attack - Weaponizing Security Tools

Basically, a hacker group used trusted software to steal sensitive data from many organizations.
TeamPCP has launched a multi-stage supply chain attack on trusted security tools. This breach has exposed sensitive data from numerous organizations, raising serious security concerns. Organizations must act quickly to secure their infrastructures and protect against further exploitation.
The Threat
Between late February and March 2026, the threat group TeamPCP executed a series of calculated supply chain attacks. They targeted well-known open-source security tools, including Trivy, KICS, and LiteLLM. By injecting malicious payloads into these tools, TeamPCP was able to access sensitive data such as cloud access tokens and SSH keys. This attack is particularly alarming because it weaponizes tooling that typically runs with elevated privileges, granting attackers unimpeded access to critical production secrets.
The scale of this operation is staggering. Reports suggest that TeamPCP may have exfiltrated over 300 GB of data from 500,000 infected machines. This breach not only affects the primary targets but also allows attackers to compromise additional packages, potentially impacting organizations across various sectors.
Who's Behind It
TeamPCP, also known by aliases like PCPcat and ShellForce, has gained notoriety for its sophisticated tactics. Their previous operations included ransomware and cryptocurrency theft, but they have shifted their focus to supply chain compromises. This change in strategy signifies a growing trend among cybercriminals to target the very tools that organizations rely on for security.
The group has recently partnered with other ransomware organizations, including Vect, to enhance their capabilities. This collaboration is likely to amplify their impact, as they can now leverage shared resources and intelligence to conduct more extensive attacks.
Tactics & Techniques
TeamPCP's attacks involved multiple stages, starting with the compromise of trusted repositories. For instance, they exploited an incomplete credential rotation in the Aqua Security Trivy GitHub repository. By force-pushing malicious code, they introduced a payload that harvested credentials from cloud environments. This payload evolved through several versions, showcasing the group's adaptability and technical prowess.
In addition to targeting Trivy, TeamPCP also compromised Checkmarx KICS and LiteLLM. They used stolen tokens to inject malicious code into these platforms, further extending their reach. Their tactics included SDK-squatting, which maximized the likelihood of malware landing in high-privilege corporate environments. This approach turned a single vendor breach into a systemic risk for downstream consumers of these SDKs.
Defensive Measures
Organizations must take immediate action to protect themselves from such sophisticated attacks. It is crucial to identify vulnerable packages and harden CI/CD policies. Regular audits of open-source dependencies can help mitigate risks associated with supply chain attacks. Additionally, implementing strict access controls and monitoring for unusual activities can prevent unauthorized access to sensitive data.
For those affected, engaging with incident response teams, such as Unit 42, can provide valuable insights and support in recovering from a breach. As cyber threats continue to evolve, staying informed and proactive is essential for maintaining security in today's digital landscape.