Vect and TeamPCP Alliance Creates 'Industrialized Ransomware' Pipeline
Sophos and FBI warn of new partnership combining supply chain credential theft with ransomware deployment. 500,000 credentials already stolen.
12 articles tagged with "Teampcp"
Sophos and FBI warn of new partnership combining supply chain credential theft with ransomware deployment. 500,000 credentials already stolen.
Grafana Labs confirms hackers stole source code through a GitHub token that slipped through rotation after the TanStack supply chain compromise. The company refused to pay the ransom demand.
TeamPCP compromised 84 versions across 42 TanStack packages on May 11 using GitHub Actions cache poisoning. The malware steals CI/CD credentials and includes a wiper that triggers on token revocation.
Three malicious versions of the xinference AI inference library were uploaded to PyPI, targeting cloud credentials and SSH keys from 680K+ users. TeamPCP claims a copycat is responsible.
Four official SAP CAP ecosystem packages compromised on April 29, harvesting developer credentials, cloud secrets, and CI/CD tokens through malicious preinstall scripts.
TeamPCP threat actors backdoored versions 2.6.2 and 2.6.3 of the popular AI framework, harvesting SSH keys, cloud credentials, and GitHub tokens from millions of developers.
TeamPCP compromised the popular telnyx Python SDK on PyPI, hiding credential-stealing malware inside WAV audio files. Versions 4.87.1 and 4.87.2 affected—downgrade immediately.
Stolen CI credentials from Trivy breach enabled TeamPCP to compromise Checkmarx KICS GitHub Actions, poisoning all 35 version tags with credential-stealing malware in four-hour window.
Malicious LiteLLM versions 1.82.7 and 1.82.8 deployed credential harvester, Kubernetes lateral movement tools, and persistent backdoor. Package sees 3 million daily downloads.
TeamPCP's supply chain attack expands with a Kubernetes wiper that detects Iranian systems via timezone and locale, wiping clusters while backdooring everyone else.
TeamPCP threat actors hijacked Aqua Security's Trivy vulnerability scanner, compromising 75 GitHub Action tags and spreading credential-stealing malware to 47 npm packages via blockchain C2.
Cloud-native worm campaign by TeamPCP has compromised 60,000+ servers by exploiting Docker APIs, Kubernetes, and React2Shell. Flare researchers detail the industrialized operation.