Could this incident have been prevented?

Implementing robust supply chain security measures, such as thorough code reviews, dependency monitoring, and the use of trusted sources, could have mitigated the risk of such an attack.

Who was affected by the malicious 'telnyx' package?

Developers and organizations that integrated the compromised 'telnyx' versions into their projects were at risk of credential theft and subsequent security breaches.

TeamPCP's Malicious 'telnyx' PyPI Attack Exposes Supply Chain Vulnerabilities

In March 2026, TeamPCP compromised the 'telnyx' Python package on PyPI, embedding credential-stealing malware within .WAV files, highlighting critical supply chain security risks.

Published: March 27, 2026

Share this on:

Executive Summary

In March 2026, the threat actor group TeamPCP executed a supply chain attack by uploading two malicious versions (4.87.1 and 4.87.2) of the 'telnyx' Python package to the Python Package Index (PyPI). These versions concealed credential-stealing malware within .WAV files, enabling the exfiltration of sensitive data from compromised systems. The attack underscores the vulnerability of open-source repositories to sophisticated supply chain compromises.

This incident highlights the escalating trend of attackers targeting widely used open-source packages to distribute malware, emphasizing the need for enhanced vigilance and security measures in software supply chains.

Why This Matters Now

The TeamPCP attack on the 'telnyx' package demonstrates the increasing sophistication of supply chain attacks targeting open-source repositories, necessitating immediate action to secure software dependencies and prevent similar breaches.

Attack Path Analysis

TeamPCP compromised the telnyx Python package by injecting malicious code into versions 4.87.1 and 4.87.2, leading to credential harvesting through audio steganography. The attack did not involve privilege escalation or lateral movement. The malware established command and control by downloading and executing payloads from a remote server. Sensitive data was exfiltrated via encrypted HTTP POST requests. The impact included unauthorized access to credentials and potential system compromise.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

High

Command & Control

High

Exfiltration

High

Impact

High

Initial Compromise

Description

TeamPCP injected malicious code into the telnyx Python package versions 4.87.1 and 4.87.2, which, when imported, executed a credential harvester concealed within a .WAV file.

Confidence:

High

MITRE ATT&CK® Techniques

Initial Access

T1195.002

Compromise Software Supply Chain

Execution

T1059.006

Command and Scripting Interpreter: Python

Defense Evasion

T1564.001

Hide Artifacts: Hidden Files and Directories

Collection

T1005

Data from Local System

Exfiltration

T1041

Exfiltration Over C2 Channel

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Ensure the integrity of software and firmware

Control ID: 6.3.2

The incident involved the distribution of malicious versions of a Python package, compromising software integrity and violating the requirement to ensure that software and firmware are protected against unauthorized changes.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The attack highlights deficiencies in the organization's cybersecurity policy, particularly in managing third-party software risks, which is essential for protecting information systems and nonpublic information.

DORA – ICT Risk Management Framework

Control ID: Article 6

The breach underscores the need for a robust ICT risk management framework to identify, assess, and mitigate risks associated with third-party software components, as mandated by DORA.

CISA Zero Trust Maturity Model 2.0 – Applications and Workloads

Control ID: Pillar 3

The incident reveals gaps in application security controls, emphasizing the necessity for continuous monitoring and validation of software components to prevent unauthorized access and data exfiltration.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The supply chain attack indicates a failure to implement appropriate cybersecurity risk management measures, including the assessment and control of risks arising from third-party software dependencies, as required by the NIS2 Directive.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Computer Software/Engineering

Supply chain attacks targeting Python packages like Telnyx directly compromise software development workflows, threatening code integrity and credential security across development environments.

Information Technology/IT

Malicious PyPI packages with steganographic payloads in WAV files exploit IT infrastructure dependencies, requiring enhanced egress filtering and anomaly detection capabilities.

Financial Services

Credential harvesting through compromised development packages threatens sensitive financial data, requiring zero trust segmentation and encrypted traffic monitoring per compliance frameworks.

Health Care / Life Sciences

Supply chain compromises in healthcare development environments risk HIPAA compliance violations through credential theft and potential lateral movement to patient data systems.

Sources

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Fileshttps://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html
Verified

LiteLLM PyPI compromise: Everything we know so farhttps://www.itpro.com/security/litellm-pypi-compromise-everything-we-know-so-far

Verified

Top LLM PyPl package compromised to steal user details - here's what we knowhttps://www.techradar.com/pro/security/top-llm-pypl-package-compromised-to-steal-user-details-heres-what-we-know

Verified

Frequently Asked Questions

The attack revealed deficiencies in software supply chain security, emphasizing the need for stringent vetting of open-source dependencies to comply with frameworks like NIST 800-53 and PCI DSS.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to establish command and control channels and exfiltrate sensitive data, thereby reducing the overall impact of the breach.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The CNSF may have limited the execution of unauthorized code by enforcing strict workload isolation and monitoring, thereby reducing the risk of initial compromise.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: While no privilege escalation occurred, Zero Trust Segmentation could have limited the attacker's ability to gain elevated access, thereby reducing potential impact.

Lateral Movement

Control: East-West Traffic Security

Mitigation: Although lateral movement was not observed, East-West Traffic Security could have limited the attacker's ability to move laterally, thereby reducing the potential spread of the attack.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: Multicloud Visibility & Control could have limited the establishment of command and control channels by monitoring and controlling outbound connections, thereby reducing the attacker's ability to communicate with external servers.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: Egress Security & Policy Enforcement could have limited data exfiltration by monitoring and controlling outbound data transfers, thereby reducing the risk of unauthorized data leakage.

Impact (Mitigations)

The implementation of Aviatrix Zero Trust CNSF could have limited the overall impact by reducing the attacker's ability to establish command and control channels and exfiltrate sensitive data.

Impact at a Glance

Affected Business Functions

Software Development
Data Security
Cloud Infrastructure Management

Operational Disruption

Estimated downtime: 7 days

Financial Impact

Estimated loss: $500,000

Data Exposure

Potential exposure of sensitive credentials including SSH keys, cloud tokens, Kubernetes secrets, and crypto wallets.

Recommended Actions

• Implement Zero Trust Segmentation to restrict unauthorized access and limit the spread of potential threats.
• Enhance Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
• Deploy Inline IPS (Suricata) to detect and block known exploit patterns and malicious payloads.
• Utilize Multicloud Visibility & Control to gain comprehensive insights into network traffic and detect anomalous activities.
• Regularly audit and secure CI/CD pipelines to prevent supply chain attacks and ensure the integrity of software releases.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

TeamPCP's Malicious 'telnyx' PyPI Attack Exposes Supply Chain Vulnerabilities

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

MITRE ATT&CK® Techniques

Compromise Software Supply Chain

Command and Scripting Interpreter: Python

Hide Artifacts: Hidden Files and Directories

Data from Local System

Exfiltration Over C2 Channel

Potential Compliance Exposure

PCI DSS 4.0 – Ensure the integrity of software and firmware

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA Zero Trust Maturity Model 2.0 – Applications and Workloads

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Computer Software/Engineering

Information Technology/IT

Financial Services

Health Care / Life Sciences

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads