TeamPCP Supply Chain Campaign - Cisco Source Code Stolen
High severity: significant development or major threat actor activity
In short: attackers stole Cisco source code in a breach linked to the security scanner Trivy.
The TeamPCP campaign has escalated with the theft of Cisco's source code in an incident tied to Trivy. This is a serious concern for organizations that run Cisco products or rely on Trivy in their pipelines. Protective measures and further developments are covered below.
What Happened
The TeamPCP supply chain campaign has reached a significant milestone with the theft of Cisco's source code. The incident is linked to a breach involving the security scanner Trivy. The report highlights a recurring pattern in this campaign: attackers abuse trusted tooling, which organizations install and run with little scrutiny, to gain a foothold.
Who's Behind It
Google's Threat Intelligence Group (GTIG) tracks TeamPCP as UNC6780. The group has targeted a wide range of organizations, leveraging weaknesses in widely used software and tools.
</gre_replace>
<gr_replace lines="12" cat="clarify" orig="The theft of source">
Theft of source code is a severe risk: with the code in hand, attackers can hunt for vulnerabilities in Cisco products offline, without the noise of probing live systems, and turn what they find into targeted exploits. Organizations running Cisco software should be particularly vigilant and prioritize patching as fixes are released.
Recent Developments
This update consolidates intelligence gathered from April 3 to April 8, 2026. It follows the previous update, which detailed breaches affecting the European Commission and Sportradar. Mandiant has reported over 1,000 compromised SaaS environments connected to these incidents, showcasing the widespread impact of the TeamPCP campaign.
Implications for Security
The theft of source code poses a severe risk, as it can lead to further exploits and vulnerabilities in Cisco products. Organizations using Ciscoโs software should be particularly vigilant, as the stolen code could be used to develop targeted attacks.
What You Should Do
- Monitor your systems for any unusual activity related to Cisco products.
- Implement security patches and updates as they become available.
- Educate your team about the risks of third-party tools and the importance of verifying what they install: check release signatures or checksums, and pin tools to specific versions rather than floating tags.
- Stay informed about updates from CISA and other cybersecurity agencies regarding this ongoing threat.
How to Check If You're Affected
1. Check for unauthorized access attempts in your Cisco systems.
2. Review logs for unusual activity involving Trivy: where and by whom it was run, what it downloaded, and what it connected to.
3. Ensure all Cisco products are updated to the latest security patches.
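The page does not say how the Trivy-linked breach happened, so there are no indicators to match on here. What a practitioner can do today is inventory where third-party tools such as Trivy enter the build pipeline and confirm each reference is pinned to an immutable identifier (a full commit SHA for a GitHub Action, a sha256 digest for a container image) rather than a floating tag. The following is an added example, not code from the original page or from the Trivy project: it parses a constructed GitHub Actions workflow and reports unpinned references. The workflow text, action names and digest are constructed for illustration.

```python
"""Flag unpinned third-party tool references in a GitHub Actions workflow.

Added example, not from the page. A generic supply-chain hygiene check:
any `uses:` reference not pinned to a 40-hex commit SHA, and any container
image not pinned to a sha256 digest, is reported as a finding.
"""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample workflow (assumed input, not a real repository).
# The commit SHA and digest below are placeholders, not real pins.
SAMPLE_WORKFLOW = f"""\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy:latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - uses: aquasecurity/trivy-action@master
      - run: docker run --rm aquasec/trivy@sha256:{'ab' * 32} image myapp:1.0
"""


def find_unpinned_actions(workflow_text: str) -> list[str]:
    """Return `uses:` references that are not pinned to a full commit SHA.

    Local actions (./path) and docker:// references are skipped; the latter
    are covered by the image check instead.
    """
    findings = []
    for m in re.finditer(r"\buses:\s*(\S+)", workflow_text):
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")
        # Missing "@" leaves version empty, which fails SHA40 and is flagged.
        if not SHA40.match(version):
            findings.append(ref)
    return findings


def _image_refs(workflow_text: str) -> list[str]:
    """Collect image references from `image:` keys and `docker run` commands.

    Heuristic for `docker run`: take the first argument that is not a flag.
    Flags that take a separate value (e.g. `-v src:dst`) would confuse it;
    a real scanner should tokenize the command line properly.
    """
    refs = re.findall(r"^\s*image:\s*(\S+)", workflow_text, re.MULTILINE)
    for m in re.finditer(r"docker run\s+(.*)$", workflow_text, re.MULTILINE):
        for tok in m.group(1).split():
            if not tok.startswith("-"):
                refs.append(tok)
                break
    return refs


def find_unpinned_images(workflow_text: str) -> list[str]:
    """Return container image references that lack a sha256 digest."""
    return [ref for ref in _image_refs(workflow_text) if not DIGEST.search(ref)]


def report(workflow_text: str) -> dict[str, list[str]]:
    """Summarize both checks for one workflow."""
    return {
        "unpinned_actions": find_unpinned_actions(workflow_text),
        "unpinned_images": find_unpinned_images(workflow_text),
    }


if __name__ == "__main__":
    for kind, refs in report(SAMPLE_WORKFLOW).items():
        for ref in refs:
            print(f"{kind}: {ref}")
```

Run it against each workflow under `.github/workflows/`; a floating tag such as `@master` or `:latest` means the tool you execute can change underneath you without any change on your side, which is exactly the exposure a compromised upstream tool creates. Pinning does not detect a malicious release you already pulled, so pair it with the log review above.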
Pro insight: abuse of a trusted security tool such as Trivy shows the attack surface shifting toward the tooling itself, which warrants the same supply-chain scrutiny (pinned versions, verified releases, monitored execution) that is applied to application dependencies.
Also covered by
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)