Executive Summary
In March 2026, the threat actor TeamPCP executed a sophisticated supply chain attack by compromising the Telnyx Python SDK on the Python Package Index (PyPI). Malicious versions 4.87.1 and 4.87.2 were published, embedding payloads within WAV audio files—a novel steganography technique. These payloads targeted Windows systems by dropping a persistent binary named 'msbuild.exe' into the Startup folder, while Linux and macOS systems faced credential harvesting similar to previous LiteLLM compromises. Forensic analyses confirmed the use of RSA-4096 encryption and specific exfiltration patterns consistent with TeamPCP's tactics. The compromised versions were promptly quarantined by PyPI. Concurrently, TeamPCP partnered with the Vect ransomware-as-a-service operation and BreachForums, distributing affiliate keys to approximately 300,000 users, potentially enabling one of the largest coordinated ransomware deployments observed. Additionally, the LAPSUS$ group claimed a 3GB data breach of AstraZeneca, allegedly using credentials obtained through TeamPCP's activities. This breach reportedly includes internal code repositories, cloud infrastructure configurations, and employee data. Organizations affected by any phase of the TeamPCP campaign are urged to rotate credentials immediately and monitor for indicators of compromise.
Why This Matters Now
The convergence of supply chain compromises, ransomware-as-a-service models, and dark web forum mobilization signifies an unprecedented escalation in cyber threats. Organizations must proactively secure their software supply chains and implement robust monitoring to mitigate these evolving risks.
Attack Path Analysis
The adversary, TeamPCP, gained initial access by compromising the Telnyx Python SDK on PyPI, embedding malicious code in versions 4.87.1 and 4.87.2. Upon installation, the malware executed, harvesting credentials and deploying persistent backdoors. The malware then moved laterally across Kubernetes clusters by deploying privileged pods to every node. It established command and control by exfiltrating data to attacker-controlled domains. Sensitive data, including SSH keys and cloud tokens, were exfiltrated. The impact included potential unauthorized access to cloud resources and further exploitation of compromised credentials.
Kill Chain Progression
Initial Compromise
Description
TeamPCP compromised the Telnyx Python SDK on PyPI, embedding malicious code in versions 4.87.1 and 4.87.2.
MITRE ATT&CK® Techniques
Compromise Software Supply Chain
Credentials from Password Stores
Data Encrypted for Impact
Application Layer Protocol
Command and Scripting Interpreter
Boot or Logon Autostart Execution
Obfuscated Files or Information
Data from Local System
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Change Control Processes
Control ID: 6.4.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
ISO/IEC 27001 – Management of Technical Vulnerabilities
Control ID: A.12.6.1
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply chain compromises targeting PyPI packages, CI/CD pipelines, and development tools create critical vulnerabilities in software development infrastructure and credential security.
Information Technology/IT
TeamPCP campaign exploits IT infrastructure through compromised security scanners, Kubernetes environments, and cloud configurations, enabling lateral movement and data exfiltration.
Pharmaceuticals
AstraZeneca breach demonstrates pharmaceutical sector exposure to supply chain attacks targeting cloud infrastructure, code repositories, and employee data through compromised development tools.
Financial Services
Vect ransomware affiliate program with 300,000 operators amplifies supply chain compromise risks for financial institutions using affected development and security scanning tools.
Sources
- TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)https://isc.sans.edu/diary/rss/32838Verified
- LiteLLM PyPI compromise: Everything we know so farhttps://www.itpro.com/security/litellm-pypi-compromise-everything-we-know-so-farVerified
- Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscapehttps://flare.io/learn/resources/blog/teampcp-cloud-native-ransomware/Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The CNSF may have constrained the attacker's ability to exploit the compromised SDK by enforcing strict workload isolation and identity-aware routing.
Control: Zero Trust Segmentation
Mitigation: Zero Trust Segmentation would likely have restricted the malware's ability to escalate privileges by enforcing least-privilege access controls.
Control: East-West Traffic Security
Mitigation: East-West Traffic Security may have constrained the malware's lateral movement by monitoring and controlling internal traffic flows.
Control: Multicloud Visibility & Control
Mitigation: Multicloud Visibility & Control would likely have identified and restricted unauthorized outbound connections to attacker-controlled domains.
Control: Egress Security & Policy Enforcement
Mitigation: Egress Security & Policy Enforcement may have limited the exfiltration of sensitive data by enforcing strict outbound traffic policies.
The implementation of CNSF controls would likely have reduced the overall impact by limiting unauthorized access and constraining the attacker's ability to exploit compromised credentials.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD) Pipelines
- Credential Management
- Supply Chain Security
Estimated downtime: 7 days
Estimated loss: $500,000
Compromised credentials, including SSH keys, cloud tokens, Kubernetes secrets, and crypto wallets, leading to potential unauthorized access and data breaches.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict lateral movement within Kubernetes clusters.
- • Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic to prevent data exfiltration.
- • Deploy Threat Detection & Anomaly Response systems to identify and respond to malicious activities promptly.
- • Utilize Multicloud Visibility & Control to gain comprehensive insights into cloud environments and detect anomalies.
- • Regularly audit and rotate credentials to mitigate the risk of unauthorized access due to compromised credentials.
