
FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks


Jul 03, 2026
A new wave of software supply chain attacks has put developers and security teams on high alert.

The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development and security tools used by companies worldwide.

Once inside, the group harvests cloud credentials, SSH keys, and other sensitive secrets that can unlock entire corporate networks.

What makes this campaign especially dangerous is its scale and its target selection. Rather than going after random victims, TeamPCP has focused on tools that developers already trust and use every day inside their build pipelines.

That trust is exactly what the attackers exploited to spread malware far beyond a single company.

The FBI said in a report shared with Cyber Security News (CSN) that TeamPCP has conducted large-scale software supply chain compromises by targeting widely used developer and security tools.

The bureau warned that the group gained access to victim environments and extracted sensitive data, including cloud access tokens, SSH keys, and Kubernetes secrets.

Beyond stealing data, TeamPCP has also turned to extortion. The group has published victim names on a public leak site and threatened to release stolen information unless demands are met.

This shift from quiet espionage to public pressure adds another layer of risk. Security teams are being urged to treat any exposure from this campaign as an ongoing threat rather than a one-time event.

Even after cleanup, stolen credentials can resurface months later in the hands of other criminal groups looking to cash in on the access TeamPCP obtained.

FBI Warns TeamPCP Hackers Compromise Developer Tools

TeamPCP’s method centers on injecting malicious code directly into legitimate software packages.

By modifying components and dependencies inside popular tools like Trivy, KICS, LiteLLM, and the Telnyx Python SDK, the group pushed trojanized updates that looked normal to developers downloading them.

These tools are deeply embedded in enterprise continuous integration and continuous delivery pipelines, making them an ideal entry point.

A single compromised update can quietly ride along into thousands of downstream systems before anyone notices anything wrong.

Once installed, the tainted packages secretly deployed credential-stealing malware and backdoors, giving TeamPCP persistent footholds inside developer environments.

From there, attackers could pivot deeper into cloud infrastructure and steal more sensitive material over time.

Malware Families Behind the Campaign

TeamPCP relies on a handful of custom tools to carry out its attacks. CanisterWorm is built to harvest cloud access tokens and API keys tied to services like AWS, Google Cloud, and Microsoft Azure, giving attackers a direct line into cloud accounts.

SANDCLOCK works alongside it, pulling AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and even cryptocurrency wallet data from infected systems.

Together these tools give TeamPCP a wide net for collecting secrets. The group also uses Mini Shai-Hulud, a self-replicating worm that spreads across the npm and PyPI open source ecosystems on its own.

A closely related variant called Miasma follows the same approach while also poisoning configuration files and harvesting credentials as it moves.

The FBI is asking any organization that suspects it has been hit by TeamPCP to report the incident to a local FBI field office or the Internet Crime Complaint Center. Investigators want details like affected package names, CI/CD pipeline logs, network logs, and any extortion messages received.

On the defensive side, the bureau recommends pinning GitHub Actions workflows to verified commit hashes instead of floating tags, and rotating every CI/CD secret and cloud credential that may have been exposed.

Teams should also search their GitHub organizations for repositories named tpcp-docs or docs-tpcp, since these are created by the worm using stolen credentials.

Other suggested steps include enforcing least privilege on CI/CD service accounts, requiring phishing-resistant multi-factor authentication for repository access, and setting a minimum age threshold before new packages can be installed.

Keeping offline, immutable backups of critical repositories rounds out the FBI’s guidance for reducing both the likelihood and impact of a TeamPCP compromise.
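The first of the FBI's recommendations above, pinning GitHub Actions to commit hashes instead of floating tags, is easy to audit mechanically. The script below is an added example, not code from the article or from the FBI report: it scans workflow text for `uses:` references whose ref is not a full 40-character commit SHA. The sample workflow, the action names in it and the SHA value are constructed for illustration.

```python
import re

# Constructed sample workflow (not from the article or any real repository):
# one step floats on a tag, one on a branch, one is pinned to a full commit SHA
# (placeholder value, not a real commit), plus a local action and a docker image.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/scanner-action@main
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v5.x
        with:
          python-version: '3.12'
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, action, ref) for every remote action reference that
    is not pinned to a full 40-hex commit SHA.

    Local actions (./path) and docker:// images are skipped: they are not
    resolved through a mutable git tag, so the tag-vs-SHA check does not apply.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./") or target.startswith("docker://"):
            continue
        action, sep, ref = target.partition("@")
        # A missing ref, a tag or a branch resolves to whatever the upstream repo
        # points it at today; a full commit SHA is immutable.
        if not sep or not FULL_SHA_RE.match(ref):
            findings.append((lineno, action, ref or "<no ref>"))
    return findings


if __name__ == "__main__":
    for lineno, action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} is not pinned to a commit SHA")
```

Run it over every file under `.github/workflows/` to produce the list of steps that still need a SHA pin; a short or abbreviated SHA is reported as well, since only the full hash is collision-resistant enough to pin on.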

Indicators of Compromise (IoCs):


Source: CybersecurityNews.com
