
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)

Severity: Medium
Category: Vulnerability
Published: Sat Mar 28 2026 (03/28/2026, 15:09:12 UTC)
Source: SANS ISC Handlers Diary

Description

The TeamPCP supply chain campaign is an ongoing sophisticated threat targeting open-source package ecosystems and CI/CD pipelines. Since March 19, 2026, TeamPCP has compromised multiple packages across PyPI and npm, leveraging stolen credentials to infiltrate software supply chains and deploy malicious payloads, including ransomware partnerships and Kubernetes wipers. The campaign recently entered a monetization phase with no new compromises detected in 48 hours, indicating a shift from expansion to exploitation of harvested credentials. Behavioral detection rules focusing on anomalous CI/CD runner activities have been published to detect these attacks despite frequent infrastructure changes by the adversary. The campaign’s credential theft has a massive fan-out effect, potentially exposing thousands of downstream secrets from a single compromised token. Novel exfiltration techniques using GitHub Releases API evade traditional network defenses. The campaign poses a significant risk to organizations relying on open-source packages and automated build pipelines, with potential for widespread ransomware deployment and destructive attacks. Mitigation requires proactive credential rotation, enhanced CI/CD behavioral monitoring, Kubernetes admission controls, and supply chain vigilance. Countries with large software development ecosystems and critical infrastructure are at elevated risk.

AI-Powered Analysis

Machine-generated threat intelligence

AI analysis last updated: 03/28/2026, 15:21:17 UTC

Technical Analysis

The TeamPCP supply chain campaign is a multi-phase, sophisticated cyberattack operation targeting open-source software ecosystems and CI/CD pipelines. Beginning March 19, 2026, TeamPCP has compromised packages in PyPI (Python Package Index), npm, and potentially other registries, using stolen credentials harvested from CI/CD pipelines to inject malicious code into widely used software packages. The campaign's operational tempo was aggressive, with new compromises every 1-3 days, including notable targets such as Trivy, CanisterWorm, Checkmarx, LiteLLM, and Telnyx. The attackers have demonstrated advanced operational security by rotating command and control infrastructure and exfiltration endpoints, and by employing diverse packaging and obfuscation techniques such as raw scripts, npm worms, .pth exploitation, and WAV steganography. Recently, the campaign shifted focus from expanding supply chain compromises to monetizing existing stolen credentials, including a partnership with the Vect ransomware group.

Behavioral detection rules published by Palo Alto Networks focus on anomalous CI/CD runner behaviors such as unexpected credential directory enumeration, bulk secret reads from process memory, creation of large encrypted archives, and outbound data transfers to newly registered domains. This approach counters the attacker's infrastructure rotation and evasion tactics.

The campaign also employs novel data exfiltration via the GitHub Releases API, which bypasses traditional firewall and DLP controls by blending with legitimate API traffic. Additionally, TeamPCP deployed a Kubernetes wiper targeting Iranian systems, deleting host filesystem contents when Farsi language settings are detected. The Cloud Security Alliance published defensive playbooks including Kubernetes admission controller policies to block privileged DaemonSets with hostPath mounts.

GitGuardian's analysis revealed a staggering credential fan-out ratio exceeding 10,000:1, illustrating how a single compromised token cascades into thousands of downstream secret exposures, amplifying risk exponentially. Despite a recent 48-hour pause in new compromises, the threat remains active with potential for resurgence. The campaign's complexity, scale, and evolving tactics underscore the critical need for heightened supply chain security and CI/CD pipeline monitoring.
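The behavioral approach described above is easiest to understand in code. The following is an added example written for this page; it is not the ISC diary's code and not the rule set Palo Alto Networks published. It encodes the four runner behaviors the analysis names (credential directory enumeration, bulk reads of other processes' memory, creation of a large encrypted archive, and an outbound connection to a newly registered domain) as independent signals and alerts only when several occur in the same job. No domain, IP, or package name appears in the rules, which is what makes the approach survive the adversary's infrastructure rotation. The event schema, field names, thresholds, and the `domain_age_days` enrichment field are assumptions of this example, and the telemetry is constructed.

```python
"""Behavioral detection over CI/CD runner telemetry (added example, not from the source)."""
import re
from collections import defaultdict

# Paths whose reads indicate credential-directory enumeration (assumed list).
CRED_PATH = re.compile(
    r"(/\.aws/|/\.ssh/|/\.docker/config\.json$|/\.npmrc$|/\.pypirc$"
    r"|/\.git-credentials$|/\.kube/config$|/run/secrets/)"
)
# Reads of another process's memory or environment through procfs.
PROC_MEM = re.compile(r"^/proc/(\d+)/(mem|environ|maps)$")
# Archive extensions, optionally carrying an encryption suffix.
ARCHIVE = re.compile(r"\.(tar\.gz|tgz|zip|7z)(\.(enc|gpg))?$")

MIN_CRED_PATHS = 2          # distinct credential files touched
MIN_PROC_TARGETS = 3        # distinct foreign PIDs whose memory was read
MIN_ARCHIVE_BYTES = 10_000_000
MAX_DOMAIN_AGE_DAYS = 30    # "newly registered" cutoff; age supplied by enrichment
MIN_SIGNALS_TO_ALERT = 2    # alert on a chain of behaviors, never on one alone

# Constructed sample telemetry: one job that behaves like a credential harvester
# and one ordinary build. domain_age_days is assumed to be added by a WHOIS/RDAP
# enrichment step before events reach this rule.
SAMPLE_EVENTS = [
    {"job": "build-42", "type": "file_open", "path": "/home/runner/.aws/credentials"},
    {"job": "build-42", "type": "file_open", "path": "/home/runner/.ssh/id_ed25519"},
    {"job": "build-42", "type": "file_open", "path": "/home/runner/.npmrc"},
    {"job": "build-42", "type": "file_open", "path": "/proc/1042/environ"},
    {"job": "build-42", "type": "file_open", "path": "/proc/1077/mem"},
    {"job": "build-42", "type": "file_open", "path": "/proc/1103/environ"},
    {"job": "build-42", "type": "file_write", "path": "/tmp/ci-cache.tar.gz.enc", "bytes": 48_000_000},
    {"job": "build-42", "type": "net_connect", "domain": "cdn-upd4te.example", "domain_age_days": 3},
    {"job": "build-43", "type": "file_open", "path": "/home/runner/.npmrc"},
    {"job": "build-43", "type": "file_write", "path": "/tmp/dist.tar.gz", "bytes": 2_000_000},
    {"job": "build-43", "type": "net_connect", "domain": "registry.npmjs.org", "domain_age_days": 5000},
]


def evaluate_job(events):
    """Return the dict of behavioral signals observed in one job's events."""
    cred_paths, proc_targets, archives, new_domains = set(), set(), [], set()
    for ev in events:
        kind = ev.get("type")
        path = ev.get("path", "")
        if kind == "file_open":
            if CRED_PATH.search(path):
                cred_paths.add(path)
            m = PROC_MEM.match(path)
            if m:
                proc_targets.add(m.group(1))
        elif kind == "file_write":
            if ARCHIVE.search(path) and ev.get("bytes", 0) >= MIN_ARCHIVE_BYTES:
                archives.append(path)
        elif kind == "net_connect":
            if ev.get("domain_age_days", 10**6) <= MAX_DOMAIN_AGE_DAYS:
                new_domains.add(ev.get("domain", "?"))
    signals = {}
    if len(cred_paths) >= MIN_CRED_PATHS:
        signals["credential_enumeration"] = sorted(cred_paths)
    if len(proc_targets) >= MIN_PROC_TARGETS:
        signals["process_memory_harvest"] = sorted(proc_targets)
    if archives:
        signals["large_archive_creation"] = archives
    if new_domains:
        signals["newly_registered_domain"] = sorted(new_domains)
    return signals


def detect(events):
    """Group events by job and alert on jobs that show a chain of signals."""
    by_job = defaultdict(list)
    for ev in events:
        by_job[ev["job"]].append(ev)
    alerts = {}
    for job, evs in by_job.items():
        signals = evaluate_job(evs)
        if len(signals) >= MIN_SIGNALS_TO_ALERT:
            alerts[job] = signals
    return alerts


if __name__ == "__main__":
    for job, signals in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {job}: {', '.join(signals)}")
```

Run against the constructed telemetry, `build-42` trips all four signals and alerts, while `build-43` (a single `.npmrc` read, a small archive, and a connection to a long-established registry domain) produces none. The chain requirement is the tuning knob: a legitimate build that packages artifacts or reads one token file should not alert on its own, and the thresholds above would be tuned to a given runner fleet's baseline.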

Potential Impact

The TeamPCP campaign poses severe risks to organizations globally, especially those relying heavily on open-source software and automated CI/CD pipelines. The compromise of widely used packages can lead to the distribution of malicious code to millions of downstream users, potentially affecting software integrity and availability. The credential theft and subsequent fan-out effect exponentially increase the attack surface, enabling attackers to infiltrate numerous organizations and systems beyond the initial compromise. The partnership with ransomware affiliates like Vect elevates the risk of destructive ransomware deployments, data encryption, and extortion, potentially causing operational disruption and financial loss. The Kubernetes wiper component introduces a destructive threat to containerized environments, particularly in targeted regions, risking data loss and service outages. The use of stealthy exfiltration techniques that evade traditional network defenses complicates detection and response efforts. Organizations may face reputational damage, regulatory penalties, and operational downtime. The campaign’s persistence and ability to adapt infrastructure and tactics make it a long-term threat requiring sustained vigilance.

Mitigation Recommendations

1. Conduct immediate and comprehensive credential rotations across all CI/CD pipelines, package registries, and related systems to invalidate stolen tokens and secrets.
2. Deploy and tune behavioral detection rules for CI/CD runners, such as those published by Palo Alto Networks, focusing on anomalous process memory reads, bulk secret access, archive creation, and outbound connections to newly registered domains.
3. Implement Kubernetes admission controller policies to block privileged DaemonSets with hostPath mounts, preventing deployment of destructive wiper components.
4. Enhance monitoring of package registries for suspicious package uploads and enforce stricter package signing and verification policies.
5. Conduct organization-wide IOC sweeps for indicators related to TeamPCP infrastructure and payloads, including unusual GitHub Releases API activity.
6. Harden CI/CD pipeline security by restricting access to secrets, employing least privilege principles, and enabling audit logging.
7. Collaborate with supply chain partners to share threat intelligence and coordinate response efforts.
8. Prepare incident response plans for potential ransomware or destructive attacks linked to stolen credentials.
9. Evaluate and enhance network defenses to detect and block anomalous encrypted data transfers and newly registered domain communications during build workflows.
10. Educate development and security teams on the risks of supply chain attacks and the importance of secure software development lifecycle practices.
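Recommendation 3 is concrete enough to show as code. The following is an added example, not the Cloud Security Alliance playbook's policy text. It encodes the condition the analysis describes (a DaemonSet that is both privileged and mounts hostPath volumes) as a plain function that a validating admission webhook could apply to the object in an AdmissionReview, and runs it against two constructed manifests: one with the wiper-like shape (privileged, node root mounted) and one ordinary log-shipping agent that uses hostPath without privilege. The manifests, image names, and the CEL rendering in the comment are assumptions of this example.

```python
"""Admission-time check denying privileged DaemonSets that mount the host filesystem
(added example, not the CSA playbook's policy)."""


def _pod_spec(manifest):
    # Workload controllers carry the pod spec under spec.template.spec.
    return manifest.get("spec", {}).get("template", {}).get("spec", {}) or {}


def host_path_volumes(manifest):
    """Names of volumes backed by a directory on the node."""
    volumes = _pod_spec(manifest).get("volumes", []) or []
    return [v.get("name") for v in volumes if "hostPath" in v]


def privileged_containers(manifest):
    """Names of init or regular containers that request privileged mode."""
    names = []
    for key in ("initContainers", "containers"):
        for c in _pod_spec(manifest).get(key, []) or []:
            if (c.get("securityContext") or {}).get("privileged") is True:
                names.append(c.get("name"))
    return names


def validate_daemonset(manifest):
    """Return (allowed, reason); deny only when both conditions hold, as the playbook policy does."""
    if manifest.get("kind") != "DaemonSet":
        return True, "not a DaemonSet; policy does not apply"
    hp = host_path_volumes(manifest)
    pc = privileged_containers(manifest)
    if hp and pc:
        return False, f"privileged container(s) {pc} with hostPath volume(s) {hp}"
    return True, "allowed"


# The same condition as a CEL expression for a native ValidatingAdmissionPolicy
# (this rendering is an assumption of the example, not taken from the playbook):
#   !(has(object.spec.template.spec.volumes) &&
#     object.spec.template.spec.volumes.exists(v, has(v.hostPath)) &&
#     object.spec.template.spec.containers.exists(c,
#       has(c.securityContext) && has(c.securityContext.privileged) &&
#       c.securityContext.privileged))

# Constructed manifest with the shape of the wiper deployment described above.
PRIVILEGED_HOST_ROOT = {
    "apiVersion": "apps/v1", "kind": "DaemonSet",
    "metadata": {"name": "node-maint"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "maint", "image": "example.invalid/maint:latest",
                        "securityContext": {"privileged": True},
                        "volumeMounts": [{"name": "host", "mountPath": "/host"}]}],
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    }}},
}

# Constructed log-shipping agent: reads /var/log through hostPath but is not privileged.
LOG_AGENT = {
    "apiVersion": "apps/v1", "kind": "DaemonSet",
    "metadata": {"name": "log-agent"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "agent", "image": "example.invalid/log-agent:1.0",
                        "securityContext": {"privileged": False, "readOnlyRootFilesystem": True},
                        "volumeMounts": [{"name": "varlog", "mountPath": "/var/log", "readOnly": True}]}],
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
    }}},
}

if __name__ == "__main__":
    for m in (PRIVILEGED_HOST_ROOT, LOG_AGENT):
        print(m["metadata"]["name"], validate_daemonset(m))
```

The check is deliberately the conjunction the playbook names: the log agent is allowed because it is unprivileged, even though it mounts a host directory. A cluster that already runs Pod Security Admission at the `restricted` level would reject both manifests earlier, since that profile forbids hostPath volumes outright; the explicit policy is most useful on clusters where some hostPath DaemonSets are legitimate.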


Technical Details

Article Source: https://isc.sans.edu/diary/rss/32842 (fetched 2026-03-28T15:20:59.936Z; 1342 words)

Threat ID: 69c7f1db2b68dbd88e3e35d1

Added to database: 3/28/2026, 3:20:59 PM
Last enriched: 3/28/2026, 3:21:17 PM
Last updated: 3/28/2026, 4:25:22 PM
