Unpacking TeamPCP’s multi-stage supply chain assault on security frameworks

Apr 1, 2026 | Threat Intelligence Research

Escalating Supply Chain Threats from TeamPCP

Between late February and March 2026, TeamPCP, a threat group noted for its previous ransomware activities, conducted a series of targeted supply chain attacks against recognized open-source security tools, including Trivy, KICS, and LiteLLM. This operation has successfully injected malicious code into widely used software, resulting in significant data exfiltration and posing a grave risk to organizations reliant on these tools.

The attacks involved compromises of CI/CD pipelines, exploiting vulnerabilities in GitHub Actions and PyPI registries. The malicious payloads were engineered to extract sensitive data such as cloud access tokens and SSH keys, while establishing backdoors for lateral movement within affected environments. The research indicates that approximately 300 GB of data has been exfiltrated from an estimated 500,000 machines, exposing multiple organizations across different sectors to subsequent attacks.

One notable aspect of this campaign is the use of SDK squatting and misconfiguration of security settings to enable persistence and data extraction. Figures included in the analysis highlight the tactics and technology adopted by TeamPCP, demonstrating an alarming shift toward exploiting development and operational infrastructure that demands high-privilege access.

Defensive Context

Organizations utilizing the compromised tools need to pay close attention to their CI/CD pipelines, as the attacks exploit inherent trust in widely used open-source resources. The incident particularly affects companies dependent on cloud solutions such as Kubernetes and various CI/CD tools since the attackers have effectively weaponized trusted developer infrastructure.

Why This Matters

The real-world risk escalates for organizations that incorporate these tools into their operations, particularly those relying on open-source tools embedded within their security workflows. The breadth of the infection and the capacity for persistent lateral movement may provide attackers with access to sensitive information, potentially leading to ransom demands and further exploitation.

Defender Considerations

Specific actions should include auditing CI/CD pipelines and GitHub PATs for unauthorized changes. Organizations should also track known exfiltration channels and evaluate their configurations for the vulnerabilities that TeamPCP exploited. If use of the compromised domains and IP addresses connected to the attack is identified, organizations should report it to reinforce their incident-response measures.

Indicators of Compromise (IOCs)

IP Addresses:

  • 23.142.184[.]129
  • 45.148.10[.]212
  • 63.251.162[.]11
  • 83.142.209[.]11
  • 209.34.235[.]18

Domains:

  • checkmarx[.]zone
  • models.litellm[.]cloud
  • scan.aquasecurtiy[.]org
  • tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0[.]io
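
One way to apply the indicators listed above when tracking exfiltration channels, as an added example that is not part of the original brief: it refangs the published values and matches log lines by whole IP address and by host or subdomain, so look-alike values do not trigger. The log format, sample lines and function names are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Indicators as published on this page, kept defanged in source.
IOC_IPS = ["23.142.184[.]129", "45.148.10[.]212", "63.251.162[.]11",
           "83.142.209[.]11", "209.34.235[.]18"]
IOC_DOMAINS = ["checkmarx[.]zone", "models.litellm[.]cloud",
               "scan.aquasecurtiy[.]org",
               "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0[.]io"]

def refang(value):
    """Turn a defanged indicator (a[.]b) back into its matchable form."""
    return value.replace("[.]", ".").lower()

IPS = {str(ip_address(refang(v))) for v in IOC_IPS}
DOMAINS = {refang(v) for v in IOC_DOMAINS}
# Dotted tokens: hostnames and IPv4 addresses; schemes, ports, paths fall away.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)+")

def match_line(line):
    """Return the sorted indicators seen in one log line."""
    hits = set()
    for token in TOKEN_RE.findall(line):
        token = token.lower()
        try:
            ip = str(ip_address(token))
        except ValueError:
            ip = None
        if ip is not None:
            # Whole-address comparison: 145.148.10.212 is not 45.148.10.212.
            if ip in IPS:
                hits.add(ip)
            continue
        # Exact host or any subdomain; "notcheckmarx.zone" must not match.
        hits.update(d for d in DOMAINS if token == d or token.endswith("." + d))
    return sorted(hits)

def scan(lines):
    """Return (line_number, indicators) for every line with a hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := match_line(line))]

# Constructed sample log lines (not from the original report).
SAMPLE_LOG = [
    "2026-03-20T10:01:02Z runner-7 dns query A scan.aquasecurtiy.org.",
    "2026-03-20T10:01:05Z runner-7 connect 45.148.10.212:443",
    "2026-03-20T10:02:11Z runner-9 GET https://API.Models.LiteLLM.cloud/v1/sync",
    "2026-03-20T10:03:40Z runner-9 connect 145.148.10.212:443",
    "2026-03-20T10:04:02Z runner-3 dns query A notcheckmarx.zone",
]
```

Calling `scan(SAMPLE_LOG)` reports lines 1 to 3 and skips the two look-alike entries, which a plain substring search would have flagged.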

This intelligence brief underscores an urgent need for vigilance and proactive measures within development environments to mitigate the evolving threats posed by TeamPCP.
