Cybersecurity · July 4, 2026 · via Security Affairs

Supply chain attacks rise as TeamPCP steals cloud credentials via dev tools


Image: Security Affairs

A new FBI alert reveals how a cybercriminal group called TeamPCP has weaponized trusted developer tools to steal cloud credentials at scale. Instead of targeting individual users, the group compromised widely used software packages—including container scanners, static analysis tools, and AI API libraries—then distributed malicious updates through normal channels. Once pulled into CI/CD pipelines, the tainted tools installed credential-stealing malware and persistent backdoors without detection.

The anatomy of a supply chain attack

TeamPCP’s method is both simple and effective: inject malicious code into legitimate packages, push the altered versions through standard distribution channels, and let automated build systems pull them in. The FBI’s FLASH alert highlights four modified tools—Trivy, KICS, LiteLLM, and the Telnyx Python SDK—each commonly integrated into enterprise workflows. By compromising a single update, the group gains access to countless organizations simultaneously.
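As an added defender-side example (not from the article or the FBI alert): a small Python check that scans a requirements file and a GitHub Actions workflow for the tools named above and flags any that a CI runner would resolve to "whatever is newest" on each build, which is the pull-through-update path the attack depends on. The package and action identifiers (litellm and telnyx on PyPI; aquasecurity/trivy-action and checkmarx/kics-github-action) and the sample inputs are assumptions for illustration.

```python
import re
# PyPI names and GitHub Action repos for the tools named in the alert (assumed identifiers).
WATCHED_PACKAGES = {"litellm", "telnyx"}
WATCHED_ACTIONS = {"trivy", "kics"}
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*(==\s*\S+)?(.*)$")
USES_LINE = re.compile(r"uses:\s*([^\s@]+)@(\S+)")
SHA40 = re.compile(r"^[0-9a-f]{40}$")

def _logical_lines(text):
    """Yield requirement lines with comments stripped and backslash continuations joined."""
    buf = []
    for raw in text.splitlines():
        part = raw.split("#", 1)[0].strip()
        buf.append(part.rstrip("\\").strip())
        if part.endswith("\\"):
            continue
        joined, buf = " ".join(buf).strip(), []
        if joined:
            yield joined

def find_unpinned_requirements(text):
    """Return (package, reason) for watched packages lacking an exact version or a --hash."""
    findings = []
    for line in _logical_lines(text):
        m = REQ_LINE.match(line)          # no match: option lines such as -r or --index-url
        name = m.group(1).lower().replace("_", "-") if m else None
        if name not in WATCHED_PACKAGES:
            continue
        if m.group(2) is None:
            findings.append((name, "no exact version: CI pulls whatever is newest"))
        elif "--hash=" not in line:
            findings.append((name, "no --hash: a re-uploaded artifact would be accepted"))
    return findings

def find_unpinned_actions(yaml_text):
    """Return 'repo@ref' for watched GitHub Actions not pinned to a full commit SHA."""
    return [f"{repo}@{ref}" for repo, ref in USES_LINE.findall(yaml_text)
            if any(t in repo.lower() for t in WATCHED_ACTIONS) and not SHA40.match(ref)]

# Constructed sample inputs; the hash and SHA values are placeholders, not real digests.
SAMPLE_REQUIREMENTS = """\
litellm                 # floating: resolves to the newest release at build time
telnyx==2.0.0           # exact version but no hash
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""
SAMPLE_WORKFLOW = """\
  - uses: aquasecurity/trivy-action@master
  - uses: checkmarx/kics-github-action@0123456789abcdef0123456789abcdef01234567
"""
```

Hash pinning on the requirements side and full-SHA pinning on the action side mean a new upstream release, whether legitimate or tampered, cannot enter the pipeline until someone reviews and updates the pin.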

Worms that spread on their own

The group deployed four malware families, but two stand out for their self-replicating behavior. Mini Shai-Hulud and its variant Miasma not only infect initial targets but autonomously spread across open-source registries like npm and PyPI, harvesting credentials and poisoning configuration files as they go. The FBI also identified two GitHub repositories—tpcp-docs and docs-tpcp—created by the malware using stolen credentials, signaling an escalation in the group’s tactics.

Extortion and collaboration amplify the threat

Beyond credential theft, TeamPCP has engaged in extortion, publishing victim names on a public leak site and threatening to disclose stolen data. The FBI warns that the group’s activities extend beyond technical breaches, creating additional pressure on affected organizations to comply with demands. This multi-pronged approach underscores the growing sophistication of supply chain threats, where attackers exploit trust in software ecosystems to maximize impact.


Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.
