Executive Summary
In March 2026, the cybercriminal group TeamPCP orchestrated a series of sophisticated supply chain attacks targeting widely used open-source software components, including Aqua Security's Trivy, Checkmarx's KICS GitHub Action, and the LiteLLM Python package. By compromising these trusted tools, TeamPCP embedded credential-stealing malware, enabling them to harvest sensitive data such as cloud credentials, SSH keys, and Kubernetes tokens from numerous organizations. The European Commission and AI startup Mercor were among the victims, with the former experiencing a significant data breach involving approximately 92 GB of sensitive information. The rapid succession and scale of these attacks underscore the critical vulnerabilities present in software supply chains and the need for enhanced security measures. (darkreading.com)
The involvement of additional threat actors, notably ShinyHunters and Lapsus$, has further complicated the threat landscape. These groups have been observed leveraging the stolen data for extortion and monetization purposes, indicating a dangerous convergence between supply chain attackers and extortion gangs. This development highlights the evolving nature of cyber threats and the importance of proactive defense strategies to mitigate the risks associated with compromised software dependencies. (infosecurity-magazine.com)
Why This Matters Now
The TeamPCP supply chain attacks reveal a critical vulnerability in widely trusted open-source tools, emphasizing the urgent need for organizations to reassess and fortify their software supply chain security to prevent similar breaches.
Attack Path Analysis
TeamPCP initiated the attack by compromising Aqua Security's Trivy vulnerability scanner, embedding malicious code to harvest credentials. Using the stolen credentials, they escalated privileges to access sensitive environments. They then moved laterally by compromising Checkmarx's KICS GitHub Action and LiteLLM, further embedding malicious code. Command and control was established through decentralized infrastructure, enabling persistent remote access. Exfiltration of sensitive data, including SSH keys and cloud credentials, was conducted via trusted platforms. The impact included widespread data breaches and the deployment of ransomware through partnerships with groups like Vect.
Kill Chain Progression
Initial Compromise
Description
TeamPCP compromised Aqua Security's Trivy vulnerability scanner by embedding malicious code to harvest credentials.
MITRE ATT&CK® Techniques
Compromise Software Supply Chain
Valid Accounts
Account Discovery
Data from Local System
Exfiltration Over C2 Channel
Domain Trust Modification
Application Layer Protocol: Web Protocols
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Data Security
Control ID: Pillar 3: Data
NIS2 Directive – Supply Chain Security
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical exposure to supply chain attacks targeting open source projects, compromised development tools, and stolen credentials enabling cloud infrastructure breaches.
Government Administration
European Commission breach demonstrates high-risk exposure to supply chain attacks compromising security tools, leading to AWS credential theft and data exfiltration.
Information Technology/IT
Multi-stage supply chain attacks compromise CI/CD pipelines and development tools like Trivy, enabling credential harvesting and lateral movement in cloud environments.
Financial Services
High-value target for TeamPCP's weaponized credentials and ransomware alliance, facing regulatory compliance risks from compromised development and cloud security tools.
Sources
- Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting: https://www.darkreading.com/threat-intelligence/teampcp-attacks-hacker-infighting
- European Commission cloud breach: a supply-chain compromise: https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain
- Supply Chain Compromise, Technique T0862 - ICS | MITRE ATT&CK®: https://attack.mitre.org/techniques/T0862/
- Defending Against Software Supply Chain Attacks: https://www.cisa.gov/resources-tools/resources/defending-against-software-supply-chain-attacks
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit compromised tools may have been constrained, reducing the risk of credential harvesting.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges may have been limited, reducing unauthorized access to sensitive environments.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement may have been restricted, reducing the spread of malicious code across systems.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish and maintain command and control channels may have been hindered, reducing persistent remote access.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts may have been detected and blocked, reducing unauthorized data transfer.
The overall impact of the attack may have been mitigated, reducing the extent of data breaches and ransomware deployment.
Impact at a Glance
Affected Business Functions
- Cloud Infrastructure Management
- Data Storage and Backup
- Software Development and Deployment
Estimated downtime: 7 days
Estimated loss: $500,000
AWS credentials and secrets, potentially leading to unauthorized access to cloud resources and sensitive data.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict lateral movement and limit the spread of attacks.
- Enforce East-West Traffic Security to monitor and control internal traffic, detecting unauthorized movements.
- Utilize Multicloud Visibility & Control to gain comprehensive insights across cloud environments and detect anomalies.
- Apply Egress Security & Policy Enforcement to prevent unauthorized data exfiltration and control outbound traffic.
- Deploy Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities promptly.



