Executive Summary
In March 2026, the threat actor group TeamPCP executed a series of sophisticated supply chain attacks, compromising widely used open-source tools such as Trivy, KICS, LiteLLM, and Telnyx. By injecting malicious code into these trusted software packages, TeamPCP deployed infostealer malware to harvest sensitive credentials, including API keys, SSH keys, and cloud service tokens. Utilizing the stolen credentials, the group swiftly breached cloud environments across AWS, Azure, and various SaaS platforms, conducting extensive reconnaissance and data exfiltration activities. This campaign underscores the critical need for organizations to promptly rotate and revoke compromised credentials to mitigate the risk of unauthorized access and data breaches.
Why This Matters Now
The rapid escalation and breadth of TeamPCP's attacks highlight a concerning trend in cyber threats, emphasizing the importance of securing software supply chains and implementing robust monitoring mechanisms to detect and respond to credential misuse promptly.
Attack Path Analysis
TeamPCP initiated their attack by compromising the Trivy security scanner, embedding malicious code to harvest credentials. Utilizing these stolen credentials, they escalated privileges within AWS and Azure environments, gaining broader access. They then moved laterally across cloud services, exploiting misconfigurations and weak access controls. Establishing command and control channels, they executed code remotely and maintained persistence. Sensitive data was exfiltrated from S3 buckets and other cloud resources. The attack culminated in significant data breaches and potential operational disruptions.
Kill Chain Progression
Initial Compromise
Description
TeamPCP compromised the Trivy security scanner, embedding malicious code to harvest credentials.
Related CVEs
CVE-2026-33634
CVSS 8.8
Malicious code injection in Trivy's GitHub Actions workflows allows unauthorized execution of credential-stealing malware.
Affected Products:
Aqua Security Trivy – *
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Valid Accounts: Cloud Accounts
Compromise Accounts: Cloud Accounts
Account Manipulation: Additional Cloud Credentials
Account Discovery: Cloud Account
Data from Cloud Storage Object
Exfiltration Over Web Service: Exfiltration to Cloud Storage
Resource Hijacking: Cloud Service Hijacking
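The following added example, which is not part of the original report, maps CloudTrail event names to three of the techniques listed above and flags an access key that is used from an address outside its baseline and touches several of those techniques within a short window. The event-to-technique mapping, the baseline table, the names `ev` and `find_credential_misuse`, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# CloudTrail eventName -> technique from the list above (the mapping is this example's assumption).
TECHNIQUE = {
    "GetCallerIdentity": "Account Discovery: Cloud Account",
    "ListUsers": "Account Discovery: Cloud Account",
    "CreateAccessKey": "Account Manipulation: Additional Cloud Credentials",
    "GetObject": "Data from Cloud Storage Object",
}

def ev(time, key, ip, name):
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample: key IDs, IPs (documentation ranges) and times are made up.
CI_KEY, DEV_KEY = "AKIAEXAMPLECI0000001", "AKIAEXAMPLEDEV000002"
BASELINE = {CI_KEY: {"198.51.100.10"}, DEV_KEY: {"198.51.100.20"}}
SAMPLE = [
    ev("2026-03-20T09:00:00Z", CI_KEY, "198.51.100.10", "GetObject"),
    ev("2026-03-20T10:00:00Z", CI_KEY, "203.0.113.77", "GetCallerIdentity"),
    ev("2026-03-20T10:00:20Z", CI_KEY, "203.0.113.77", "ListUsers"),
    ev("2026-03-20T10:01:05Z", CI_KEY, "203.0.113.77", "CreateAccessKey"),
    ev("2026-03-20T10:02:00Z", CI_KEY, "203.0.113.77", "GetObject"),
    ev("2026-03-20T12:00:00Z", DEV_KEY, "203.0.113.5", "GetCallerIdentity"),
]

def find_credential_misuse(events, baseline, window_minutes=15, min_techniques=2):
    """Flag (key, IP) pairs: IP outside the key's baseline, >= min_techniques in one window."""
    hits = defaultdict(list)
    for e in events:
        tech = TECHNIQUE.get(e.get("eventName"))
        key = e.get("userIdentity", {}).get("accessKeyId")
        ip = e.get("sourceIPAddress")
        if tech and key and ip not in baseline.get(key, set()):
            when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            hits[(key, ip)].append((when, tech))
    alerts = {}
    for pair, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            end = start + timedelta(minutes=window_minutes)
            techs = {t for when, t in seen if start <= when <= end}
            if len(techs) >= min_techniques:
                alerts[pair] = sorted(techs)
                break
    return alerts

if __name__ == "__main__":
    print(find_credential_misuse(SAMPLE, BASELINE))
```

A key with no baseline entry is treated as having no trusted addresses, so every source IP counts as new for it.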
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Secure Authentication and Access Control
Control ID: 6.4.3
NYDFS 23 NYCRR 500 – Multi-Factor Authentication
Control ID: 500.12
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Identity and Access Management
Control ID: Identity Pillar
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
High risk from TeamPCP supply chain attacks targeting open source projects like Trivy, KICS, LiteLLM affecting software development environments and cloud infrastructure.
Information Technology/IT
Critical exposure through compromised AWS/Azure credentials enabling lateral movement, data exfiltration from S3 buckets, and unauthorized access to cloud management systems.
Financial Services
Severe compliance risk from stolen API keys and secrets potentially violating PCI DSS requirements while enabling unauthorized access to payment systems.
Computer/Network Security
Direct impact as security tools like Trivy scanner were compromised, undermining trust in security infrastructure and enabling credential harvesting campaigns.
Sources
- TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials: https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials (Verified)
- Trojanization of Trivy, Checkmarx, and LiteLLM solutions: https://www.kaspersky.com/blog/critical-supply-chain-attack-trivy-litellm-checkmarx/55510/ (Verified)
- LiteLLM PyPI compromise: Everything we know so far: https://www.itpro.com/security/litellm-pypi-compromise-everything-we-know-so-far (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust Cloud Native Security Fabric (CNSF) is pertinent to this incident as it embeds security directly into the cloud infrastructure, potentially limiting the attacker's ability to escalate privileges, move laterally, and exfiltrate data.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix CNSF may not prevent the initial compromise of third-party tools, it could limit the attacker's ability to exploit harvested credentials within the cloud environment.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation could likely limit the attacker's ability to escalate privileges by enforcing strict access controls and segmenting workloads.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security could likely reduce the attacker's ability to move laterally by monitoring and controlling internal traffic between workloads.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control could likely limit the establishment of command and control channels by providing comprehensive monitoring and control over multicloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement could likely reduce the attacker's ability to exfiltrate sensitive data by controlling outbound traffic and enforcing egress policies.
While Aviatrix CNSF may not entirely prevent data breaches, it could likely reduce the scope and impact by limiting unauthorized access and data movement within the cloud environment.
Impact at a Glance
Affected Business Functions
- Software Development
- Cloud Infrastructure Management
- Data Security
Estimated downtime: 7 days
Estimated loss: $500,000
Compromised credentials including SSH keys, API tokens, and cloud access credentials.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and limit lateral movement.
- Deploy Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Utilize Multicloud Visibility & Control tools to detect and respond to anomalous activities across cloud environments.
- Apply Threat Detection & Anomaly Response mechanisms to identify and mitigate credential misuse promptly.
- Regularly audit and rotate credentials to minimize the risk of unauthorized access.



