Threat Intel | Severity: HIGH

TeamPCP - Investigating Post-Compromise Attacks in Cloud

Source: Wiz Blog
Tags: TeamPCP, Trivy, KICKS, LiteLLM, AWS

In short: TeamPCP is using stolen secrets to break into cloud environments within hours of a supply chain compromise.

Quick Summary

TeamPCP is exploiting stolen secrets from recent supply chain attacks to compromise cloud environments. Their rapid actions pose significant risks to affected organizations. Stay informed and secure your systems against these threats.

The Threat

Recently, a group known as TeamPCP has been linked to a series of post-compromise attacks following significant supply chain breaches. These attacks targeted popular open-source tools like Trivy, KICKS, and LiteLLM, injecting malware that steals sensitive credentials. The Wiz Customer Incident Response Team (CIRT) has tracked these operations, which began on March 19, 2026, and have escalated rapidly.

The malware deployed in these attacks is designed to harvest cloud credentials, SSH keys, and CI/CD secrets. Once these credentials are stolen, they are quickly validated and used to explore victim environments, leading to further data exfiltration. The speed of these operations indicates a well-coordinated effort by TeamPCP, potentially sharing stolen secrets with other malicious groups.

Who's Behind It

TeamPCP has shown a distinct modus operandi, leveraging open-source tools like TruffleHog for credential validation. Their attacks began with injecting malware into widely used tools, allowing them to access cloud environments within hours of the initial breach. They have targeted various AWS services, focusing on identity, compute, and container environments, showcasing their capability to navigate complex cloud infrastructures.

The group is not attempting to hide its activities. Instead, it prioritizes speed and ease of use, employing bold naming conventions for its operations. Its activity has been traced back to VPN exit nodes, indicating an effort to obscure the operators' true locations while executing attacks.

Tactics & Techniques

The tactics employed by TeamPCP include executing malicious workflows within targeted repositories and using stolen Personal Access Tokens (PATs) to gain access to sensitive data. They have been observed creating pull requests that trigger malicious workflows, allowing them to run code in the context of the repository and access runtime secrets.

Additionally, they exploit AWS features such as ECS Exec to execute commands directly on running containers. This access enables them to explore the environment further and exfiltrate critical data, including source code and configuration files, which may contain additional secrets for further exploitation.

Defensive Measures

To combat the threat posed by TeamPCP, organizations must enhance their monitoring and incident response capabilities. It is crucial to enable and monitor audit logging across cloud service providers and version control systems. Incident responders should look for unusual activity, such as unexpected usage of VPN providers or anomalous API calls.

Key indicators of compromise (IOCs) include unusual enumeration activity, credential validation calls made with freshly stolen secrets, and mass cloning of repositories. Organizations should also watch for malicious workflow executions and ensure that appropriate security measures are in place to detect and respond to such activity effectively. By staying alert and proactive, organizations can better protect themselves against the evolving tactics of threat actors like TeamPCP.
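As an added example (not code from the Wiz write-up or from any tool it names), here is a small Python triage pass over constructed CloudTrail-style records that surfaces the signals the Tactics and Defensive Measures sections describe: ECS Exec usage (logged as ecs:ExecuteCommand), credential validation probes (assumed here to be sts:GetCallerIdentity, the call a TruffleHog-style verifier makes), and bursts of List/Describe/Get enumeration from a single principal. The principal ARNs, IP addresses and timestamps are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed CloudTrail-style records for this example; not real telemetry.
def ev(t, src, name, who, ip):
    return {"eventTime": t, "eventSource": src, "eventName": name,
            "principal": who, "sourceIPAddress": ip}
CI = "arn:aws:iam::111122223333:user/ci-deploy"   # assumed stolen CI/CD credential
OPS = "arn:aws:iam::111122223333:role/ops-admin"  # legitimate operator, for contrast
SAMPLE_EVENTS = [
    ev("2026-03-20T10:00:00Z", "sts.amazonaws.com", "GetCallerIdentity", CI, "198.51.100.7"),
    ev("2026-03-20T10:00:30Z", "iam.amazonaws.com", "ListUsers", CI, "198.51.100.7"),
    ev("2026-03-20T10:00:45Z", "iam.amazonaws.com", "ListRoles", CI, "198.51.100.7"),
    ev("2026-03-20T10:01:00Z", "ec2.amazonaws.com", "DescribeInstances", CI, "198.51.100.7"),
    ev("2026-03-20T10:01:10Z", "ecs.amazonaws.com", "ListClusters", CI, "198.51.100.7"),
    ev("2026-03-20T10:01:20Z", "ecs.amazonaws.com", "ListTasks", CI, "198.51.100.7"),
    ev("2026-03-20T10:02:00Z", "ecs.amazonaws.com", "ExecuteCommand", CI, "198.51.100.7"),
    ev("2026-03-20T11:00:00Z", "ec2.amazonaws.com", "DescribeInstances", OPS, "203.0.113.5"),
]
ENUM_PREFIXES = ("List", "Describe", "Get")  # read-only discovery calls

def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def ecs_exec_events(events):
    """ECS Exec is logged as ecs:ExecuteCommand; report who ran it and from where."""
    return [(e["principal"], e["sourceIPAddress"]) for e in events
            if e["eventSource"] == "ecs.amazonaws.com" and e["eventName"] == "ExecuteCommand"]

def credential_validations(events):
    """sts:GetCallerIdentity is the usual 'does this key work?' probe (TruffleHog-style, assumed)."""
    return [(e["principal"], e["sourceIPAddress"]) for e in events
            if e["eventSource"] == "sts.amazonaws.com" and e["eventName"] == "GetCallerIdentity"]

def enumeration_bursts(events, window=timedelta(minutes=5), threshold=5):
    """Principals issuing >= threshold distinct List/Describe/Get calls within one sliding window."""
    per_principal = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["eventName"].startswith(ENUM_PREFIXES):
            per_principal[e["principal"]].append(e)
    flagged = {}
    for who, evs in per_principal.items():
        best, start = 0, 0
        for end in range(len(evs)):
            while _ts(evs[end]) - _ts(evs[start]) > window:
                start += 1  # slide the window start forward until it fits
            best = max(best, len({x["eventName"] for x in evs[start:end + 1]}))
        if best >= threshold:
            flagged[who] = best  # widest burst of distinct discovery calls seen
    return flagged
```

Run against real CloudTrail exports, the same three checks correlate well with the "validate, enumerate, then ECS Exec" sequence the article describes; the IP column is where VPN exit nodes become visible.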

🔒 Pro insight: TeamPCP's rapid exploitation of stolen secrets highlights the need for immediate incident response and enhanced monitoring in cloud environments.

Original article from Wiz Blog.
