Executive Summary
In March 2026, the threat actor group TeamPCP executed a sophisticated supply chain attack, compromising widely used developer tools including Aqua Security's Trivy, Checkmarx's KICS, and the LiteLLM Python package. By exploiting stolen credentials, they injected credential-stealing malware into these tools, leading to the exfiltration of sensitive data such as API keys, cloud service credentials, and source code from numerous organizations. The attack unfolded rapidly over a span of five days, with each compromised tool serving as a vector to infiltrate the next, demonstrating the cascading risks inherent in supply chain vulnerabilities.
This incident underscores the critical importance of securing the software supply chain, especially as attackers increasingly target trusted development tools to gain unauthorized access. Organizations must implement robust security measures, including regular credential rotation, stringent access controls, and continuous monitoring of CI/CD pipelines, to mitigate the risks associated with such attacks.
Why This Matters Now
The TeamPCP attack highlights the escalating threat of supply chain compromises, emphasizing the need for immediate action to secure development environments and prevent similar incidents.
Attack Path Analysis
TeamPCP initiated their attack by exploiting stolen credentials to gain unauthorized access to trusted software repositories. They escalated their privileges by injecting credential-harvesting malware into widely used tools like Trivy and Checkmarx GitHub Actions. This allowed them to move laterally across multiple ecosystems, compromising additional software distribution platforms. The attackers established command and control by exfiltrating stolen credentials to attacker-controlled domains. They then exfiltrated sensitive data, including cloud access tokens and API keys, from compromised environments. The impact was extensive, leading to potential operational disruptions, financial fraud, and reputational damage for affected organizations.
Kill Chain Progression
Initial Compromise
Description
TeamPCP exploited stolen credentials to gain unauthorized access to trusted software repositories, including Trivy and Checkmarx GitHub Actions.
Related CVEs
CVE-2026-33634
CVSS 8.8
Malicious code injection in Trivy's GitHub Actions workflows allows unauthorized credential harvesting.
Affected Products:
Aqua Security Trivy – 0.69.5, 0.69.6
Exploit Status:
exploited in the wild
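An added example, not code from the original page or from Aqua Security or Checkmarx: a defender's check that scans GitHub Actions workflow text for the affected Trivy versions listed above and, going beyond what the page states, for Trivy or KICS actions referenced by a tag or branch instead of a full commit SHA. The sample workflow, the `trivy`/`kics` name matching and the function name `scan_workflow` are assumptions constructed for illustration.

```python
import re

# Affected Trivy releases as listed on this page for CVE-2026-33634.
AFFECTED_TRIVY = {"0.69.5", "0.69.6"}
# Assumption: name substrings used to recognise the Trivy and KICS actions.
WATCHED = ("trivy", "kics")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
STEP_START_RE = re.compile(r"^\s*-\s")
VERSION_RE = re.compile(r"\bv?(\d+\.\d+\.\d+)\b")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not from any real repository).
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Image scan
        uses: aquasecurity/trivy-action@master
        with:
          version: v0.69.6
      - name: Pinned scan
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - run: docker run aquasec/trivy:0.69.5 image app:latest
"""

def scan_workflow(name, text):
    """Return (file, line_no, finding) tuples for one workflow file's text."""
    findings = []
    in_trivy_step = False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing YAML comments
        if STEP_START_RE.match(line):  # a new "- ..." step resets the context
            in_trivy_step = False
        if "trivy" in line.lower():
            in_trivy_step = True
        m = USES_RE.match(line)
        if m and any(w in m.group(1).lower() for w in WATCHED):
            action, _, ref = m.group(1).partition("@")
            if not FULL_SHA_RE.match(ref):  # tag or branch, not a commit SHA
                findings.append((name, no, f"mutable ref: {action}@{ref}"))
        if in_trivy_step:
            findings += [(name, no, f"affected Trivy version: {v}")
                         for v in VERSION_RE.findall(line) if v in AFFECTED_TRIVY]
    return findings

if __name__ == "__main__":
    print(*scan_workflow("ci.yml", SAMPLE), sep="\n")
```

The matching is line-based rather than a full YAML parse, so a step whose name mentions Trivy but runs another tool can produce a false positive that needs manual review.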
MITRE ATT&CK® Techniques
Compromise Software Supply Chain
Valid Accounts
Unsecured Credentials: Credentials in Files
Credentials from Password Stores: Credentials from Web Browsers
Modify Authentication Process: Network Provider DLL
Application Layer Protocol: Web Protocols
Exfiltration Over Web Service: Exfiltration to Cloud Storage
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change Control Processes
Control ID: 6.4.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Supply Chain Security
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply chain compromises targeting software repositories and development tools expose extensive credential theft, code injection, and downstream distribution risks across development ecosystems.
Computer/Network Security
Security tools themselves become primary attack vectors, with vulnerability scanners and application security platforms compromised to harvest credentials and enable lateral movement.
Financial Services
Stolen credentials enable payroll redirection attacks, direct deposit manipulation, and financial fraud through compromised banking and payment processing system access tokens.
Logistics/Procurement
Credential harvesting facilitates freight rerouting scams, double brokering fraud, and shipment manipulation through compromised transportation and logistics platform access.
Sources
- Your Supply Chain Breach Is Someone Else's Payday: https://www.recordedfuture.com/blog/your-supply-chain-breach-is-someone-else-payday (Verified)
- Multiple supply chain compromises of open source projects: https://access.redhat.com/security/vulnerabilities/RHSB-2026-001 (Verified)
- Trojanization of Trivy, Checkmarx, and LiteLLM solutions: https://www.kaspersky.com/blog/critical-supply-chain-attack-trivy-litellm-checkmarx-teampcp/55510/ (Verified)
- TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign: https://hackread.com/teampcp-trivy-checkmarx-litellm-credential-theft/ (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally and exfiltrate sensitive data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to access and manipulate software repositories would likely be constrained, reducing the risk of unauthorized code injection.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges within development environments would likely be constrained, limiting unauthorized access.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally across ecosystems would likely be constrained, reducing the spread of the attack.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be constrained, reducing unauthorized data exfiltration.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, reducing data loss.
The overall impact of the attack would likely be reduced, limiting operational disruptions and reputational damage.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD) Pipelines
- Application Security Testing
Estimated downtime: 5 days
Estimated loss: $5,000,000
Compromised credentials including SSH keys, cloud access tokens, and API keys from affected development environments.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and limit lateral movement within the network.
- Deploy East-West Traffic Security controls to monitor and restrict internal traffic, preventing unauthorized access between workloads.
- Utilize Multicloud Visibility & Control solutions to gain comprehensive insights into cloud environments and detect anomalous activities.
- Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration to unauthorized destinations.
- Establish Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious behaviors in real-time.



