FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


A new wave of software supply chain attacks has put developers and security teams on high alert.

The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development and security tools used by companies worldwide.

Once inside, the group harvests cloud credentials, SSH keys, and other sensitive secrets that can unlock entire corporate networks.

What makes this campaign especially dangerous is its scale and its target selection. Rather than going after random victims, TeamPCP has focused on tools that developers already trust and use every day inside their build pipelines.

That trust is exactly what the attackers exploited to spread malware far beyond a single company.

The FBI said in a report shared with Cyber Security News (CSN) that TeamPCP has conducted large-scale software supply chain compromises by targeting widely used developer and security tools.

The bureau warned that the group gained access to victim environments and extracted sensitive data, including cloud access tokens, SSH keys, and Kubernetes secrets.

Beyond stealing data, TeamPCP has also turned to extortion. The group has published victim names on a public leak site and threatened to release stolen information unless demands are met.

This shift from quiet espionage to public pressure adds another layer of risk. Security teams are being urged to treat any exposure from this campaign as an ongoing threat rather than a one-time event.

Even after cleanup, stolen credentials can resurface months later in the hands of other criminal groups looking to cash in on the access TeamPCP obtained.

TeamPCP’s method centers on injecting malicious code directly into legitimate software packages.

By modifying components and dependencies inside popular tools like Trivy, KICS, LiteLLM, and the Telnyx Python SDK, the group pushed trojanized updates that looked normal to developers downloading them.

These tools are deeply embedded in enterprise continuous integration and continuous delivery pipelines, making them an ideal entry point.

A single compromised update can quietly ride along into thousands of downstream systems before anyone notices anything wrong.

Once installed, the tainted packages secretly deployed credential-stealing malware and backdoors, giving TeamPCP persistent footholds inside developer environments.

From there, attackers could pivot deeper into cloud infrastructure and steal more sensitive material over time.

Malware Families Behind the Campaign

TeamPCP relies on a handful of custom tools to carry out its attacks. CanisterWorm is built to harvest cloud access tokens and API keys tied to services like AWS, Google Cloud, and Microsoft Azure, giving attackers a direct line into cloud accounts.

SANDCLOCK works alongside it, pulling AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and even cryptocurrency wallet data from infected systems.

Together these tools give TeamPCP a wide net for collecting secrets.

A closely related variant called Miasma follows the same approach while also poisoning configuration files and harvesting credentials as it moves.
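Knowing what CanisterWorm and SANDCLOCK collect tells a responder what to rotate. The following Python script is an added example, not code from the FBI report or the article: run as the same user as a suspect build step, it inventories the credential files and secret-bearing environment variables that step could have read, so the rotation list is built from evidence rather than guesswork. The file locations are the standard client defaults and are an assumption about what a given host actually had; the runner layout built by demo() is constructed for the demonstration.

```python
import os
import re
import tempfile
from pathlib import Path

# Credential files the stealers described above target, plus their usual
# neighbours on a developer box or CI runner. Relative to the inspected
# home directory; the Kubernetes token path is relative to the filesystem root.
HOME_SECRET_FILES = [
    ".aws/credentials", ".aws/config",
    ".kube/config",
    ".docker/config.json",
    ".config/gcloud/application_default_credentials.json",
    ".git-credentials", ".npmrc", ".pypirc",
]
SSH_KEY_GLOB = ".ssh/id_*"
K8S_SA_TOKEN = "var/run/secrets/kubernetes.io/serviceaccount/token"

# Environment variable names that usually carry a credential (assumed naming).
SECRET_ENV_RE = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|KEY|KEY_ID|CREDENTIALS?)$",
                           re.IGNORECASE)


def inventory_exposed_secrets(home: Path, root: Path, env: dict) -> dict:
    """Return the credential material a process running as this user could read.

    Only paths and variable *names* are recorded; values are never touched so
    the report itself cannot leak anything.
    """
    found = {"files": [], "env": []}
    for rel in HOME_SECRET_FILES:
        p = home / rel
        if p.is_file():
            found["files"].append(str(p))
    for p in sorted(home.glob(SSH_KEY_GLOB)):
        if p.is_file() and not p.name.endswith(".pub"):   # private halves only
            found["files"].append(str(p))
    token = root / K8S_SA_TOKEN
    if token.is_file():
        found["files"].append(str(token))
    for name in sorted(env):
        if SECRET_ENV_RE.search(name):
            found["env"].append(name)
    return found


def build_sample_runner(base: Path) -> tuple:
    """Constructed layout standing in for a compromised CI runner (not real data)."""
    home, root = base / "home" / "runner", base / "root"
    for rel in (".aws/credentials", ".ssh/id_ed25519", ".ssh/id_ed25519.pub"):
        (home / rel).parent.mkdir(parents=True, exist_ok=True)
        (home / rel).write_text("placeholder\n")
    (root / K8S_SA_TOKEN).parent.mkdir(parents=True, exist_ok=True)
    (root / K8S_SA_TOKEN).write_text("placeholder\n")
    return home, root


def demo() -> dict:
    """Run the inventory against the constructed runner and a constructed environment."""
    sample_env = {"PATH": "/usr/bin", "HOME": "/home/runner", "CI": "true",
                  "AWS_SECRET_ACCESS_KEY": "x", "GITHUB_TOKEN": "y", "AWS_REGION": "eu-west-1"}
    with tempfile.TemporaryDirectory() as tmp:
        home, root = build_sample_runner(Path(tmp))
        return inventory_exposed_secrets(home, root, sample_env)


if __name__ == "__main__":
    # On a real host: inventory_exposed_secrets(Path.home(), Path("/"), os.environ)
    report = demo()
    print("files to treat as exposed:", *report["files"], sep="\n  ")
    print("env vars to rotate:", *report["env"], sep="\n  ")
```

Every file and variable the script lists should be treated as stolen and rotated, including the Kubernetes ServiceAccount token, which is only invalidated when the pod or the token is recreated.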

The FBI is asking any organization that suspects it has been hit by TeamPCP to report the incident to a local FBI field office or the Internet Crime Complaint Center. Investigators want details like affected package names, CI/CD pipeline logs, network logs, and any extortion messages received.

On the defensive side, the bureau recommends pinning the third-party actions referenced in GitHub Actions workflows to verified commit hashes instead of floating tags or branch names, and rotating every CI/CD secret and cloud credential that may have been exposed.

Teams should also search their GitHub organizations for repositories named tpcp-docs or docs-tpcp, since these are created by the worm using stolen credentials.

Other suggested steps include enforcing least privilege on CI/CD service accounts, requiring phishing-resistant multi-factor authentication for repository access, and setting a minimum age threshold before new packages can be installed.

Keeping offline, immutable backups of critical repositories rounds out the FBI’s guidance for reducing both the likelihood and impact of a TeamPCP compromise.
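The pinning and least-privilege points above are easy to state and easy to let slip in a large organization. The following Python script is an added example (not from the FBI guidance or the article) that audits a workflow file for the two conditions: any `uses:` reference that is not a full 40-character commit SHA, and a blanket `permissions: write-all`. It is line-oriented so it needs no YAML library; the sample workflow embedded in it is constructed, the action names are illustrative, and the 40-character SHA is a placeholder rather than a real commit.

```python
import re
from dataclasses import dataclass

# Constructed workflow for the demonstration; action references are illustrative
# and the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v5.1.0
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - run: pip install trivy
"""

FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")


@dataclass
class Finding:
    line: int
    ref: str
    reason: str


def audit_workflow(text: str) -> list:
    """Flag action references whose content can change after review, and write-all tokens."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if WRITE_ALL_RE.match(line):
            findings.append(Finding(lineno, "permissions: write-all",
                                    "grants every GITHUB_TOKEN scope; declare only what each job needs"))
            continue
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue                      # local action, versioned with the repository itself
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:     # image tags are mutable too; require a digest
                findings.append(Finding(lineno, ref, "container image pinned by tag, not by digest"))
            continue
        if "@" not in ref:
            findings.append(Finding(lineno, ref, "no version reference at all"))
            continue
        version = ref.rsplit("@", 1)[1]
        if not FULL_SHA_RE.match(version):
            findings.append(Finding(lineno, ref,
                                    f"'{version}' is a mutable tag or branch, not a full commit SHA"))
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.ref}: {f.reason}")
```

Keep the `# vX.Y.Z` comment next to each SHA: it is what reviewers and Dependabot use to tell which release the hash corresponds to. The SHA must be verified against the action's own repository before it is pinned, since a hash copied from an untrusted source pins the attacker's commit just as firmly.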

Indicators of Compromise (IoCs):

Type Indicator Description
IP Address 83.142.209.11 Associated with TeamPCP infrastructure 
IP Address 45.148.10.212 Associated with TeamPCP infrastructure 
IP Address 83.142.209.194 Associated with TeamPCP infrastructure 
IP Address 83.142.209.203 Associated with TeamPCP infrastructure 
IP Address 94.154.172.43 Associated with TeamPCP infrastructure 
IP Address 67.217.57.240 Associated with TeamPCP infrastructure 
Domain scan.aquasecurtiy[.]org Malicious lookalike domain used in campaign 
Domain checkmarx[.]zone Malicious domain impersonating security vendor 
Domain/URL checkmarx[.]zone/vsx Path used for malicious content delivery 
Domain/URL checkmarx[.]zone/static/checkmarx-util-1.0.4.tgz Malicious package payload location 
Domain/URL checkmarx[.]zone/raw Path used for malicious content delivery 
Domain models.litellm[.]cloud Malicious domain used in campaign 
Domain tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0[.]io Malicious domain used for exfiltration/C2 
Domain check.git-service[.]com Malicious domain used in campaign 
Domain t.m-kosche[.]com Malicious domain used in campaign 
Domain git-tanstack[.]com Malicious domain used in campaign 
Domain recv.hackmoltrepeat[.]com Malicious domain used for exfiltration 
Domain/URL audit.checkmarx[.]cx/v1/telemetry Malicious telemetry endpoint 
File Hash 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a Associated malicious file 
File Hash c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926 Associated malicious file 
File Hash 0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a Associated malicious file 
File Hash 61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba Associated malicious file 
File Hash f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152 Associated malicious file 
File Hash 7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7 Associated malicious file 
File Hash 5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956 Associated malicious file 
File Hash e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b Associated malicious file 
File Hash 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce Associated malicious file 
File Hash 7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8 Associated malicious file 
File Hash aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5 Associated malicious file 
File Hash 877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec Associated malicious file 
File Hash 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34 Associated malicious file 
File Hash 80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac Associated malicious file 
File Hash 6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95 Associated malicious file 
File Hash eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb Associated malicious file 
File Hash 29ac906c8bd801dfe1cb39596197df49f80fff2270b3e7fbab52278c24e4f1a7 Associated malicious file 
File Hash a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1c Associated malicious file 
File Hash 71e35aef03099cd1f2d6446734273025a163597de93912df321ef118bf135238 Associated malicious file 
File Hash a0d229be8efcb2f9135e2ad55ba275b76ddcfeb55fa4370e0a522a5bdee0120b Associated malicious file 
File Hash 6cf223aea68b0e8031ff68251e30b6017a0513fe152e235c26f248ba1e15c92a Associated malicious file 
File Hash 88896d478986d453f5da79b311de39d9b4b1bea95c21af1d8ef181b0f4e52fe9 Associated malicious file 
File Hash 21b6409a7b84446310daca5409ad6112ac60a1e4bef97736e53fff5f63bfdef4 Associated malicious file 
File Hash 0dc06ecdaa63fe24859cfd955053c23245c536e4733480239d14bebf12688e35 Associated malicious file 
File Hash 633c8410ee0413ca4b090a19c30b20c03f31598c25247c484846fa34c1df5b64 Associated malicious file 
File Hash ef641e956f91d501b748085996303c96a64d67f63bfeef0dda175e5aa19cca90 Associated malicious file 
Repository Name tpcp-docs Malicious repository created by worm using stolen credentials 
Repository Name docs-tpcp Malicious repository created by worm using stolen credentials 
CVE CVE-2026-33634 Associated vulnerability exploited in campaign 
CVE CVE-2026-48027 Associated vulnerability exploited in campaign 
CVE CVE-2026-45321 Associated vulnerability exploited in campaign 
CVE CVE-2025-55182 Associated vulnerability exploited in campaign 

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
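A script is the right "controlled place" to re-fang these indicators, because the live values never reach a browser or a ticket. The following Python example is added here and is not part of the article: it takes a subset of the table above exactly as published, re-fangs each value internally, and sweeps log lines for hits, reporting the defanged form so the output stays safe to paste. The log lines are constructed for the demonstration. The matching is deliberately strict at the boundaries: an IP must be the whole dotted quad, a hash matches case-insensitively, and a domain matches itself or any subdomain (the campaign used paths and hosts under checkmarx[.]zone) but not a longer lookalike such as checkmarx.zone.example.com.

```python
import re

# Subset of the published IoC table, kept defanged exactly as in the article.
DEFANGED_IOCS = {
    "ip": ["83.142.209.11", "45.148.10.212", "94.154.172.43"],
    "domain": [
        "scan.aquasecurtiy[.]org",
        "checkmarx[.]zone",
        "models.litellm[.]cloud",
        "recv.hackmoltrepeat[.]com",
    ],
    "sha256": ["18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a"],
}

# Constructed log lines for the demonstration; not real telemetry.
SAMPLE_LOGS = [
    "dns client=10.0.4.12 query=static.checkmarx.zone type=A",
    "proxy src=10.0.4.12 dst=83.142.209.11:443 method=CONNECT",
    "proxy src=10.0.4.9 dst=83.142.209.110:443 method=CONNECT",          # longer IP: no hit
    "dns client=10.0.4.12 query=checkmarx.zone.example.com type=A",      # lookalike: no hit
    "sbom artifact=checkmarx-util-1.0.4.tgz sha256=18A24F83E807479438DCAB7A1804C51A00DAFC1D526698A66E0640D1E5DD671A",
    "dns client=10.0.4.7 query=api.github.com type=A",
]


def refang(indicator: str) -> str:
    """Undo the common defanging conventions so a value can be compared with raw logs."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def compile_ioc_patterns(iocs: dict) -> list:
    """One anchored regex per indicator; the defanged original is kept for reporting."""
    patterns = []
    for kind, values in iocs.items():
        for value in values:
            live = re.escape(refang(value))
            if kind == "ip":
                # Whole dotted quad only: 83.142.209.11 must not hit on 83.142.209.110.
                rx = re.compile(rf"(?<![\d.]){live}(?![\d.])")
            elif kind == "domain":
                # The domain itself or any subdomain, but nothing with more labels after it.
                rx = re.compile(rf"(?<![\w.-])(?:[\w-]+\.)*{live}(?!\.?[\w-])")
            elif kind == "sha256":
                rx = re.compile(rf"(?<![0-9a-f]){live}(?![0-9a-f])", re.IGNORECASE)
            else:
                raise ValueError(f"unsupported indicator type: {kind}")
            patterns.append((kind, value, rx))
    return patterns


def scan_logs(lines: list, iocs: dict = DEFANGED_IOCS) -> list:
    """Return (line_index, kind, defanged_indicator) for every line that matches an IoC."""
    patterns = compile_ioc_patterns(iocs)
    hits = []
    for idx, line in enumerate(lines):
        for kind, value, rx in patterns:
            if rx.search(line):
                hits.append((idx, kind, value))
    return hits


if __name__ == "__main__":
    for idx, kind, value in scan_logs(SAMPLE_LOGS):
        print(f"line {idx}: {kind} {value}")
```

For the URL rows in the table, match on the host part with the domain rule and treat the path as corroborating detail; an exact-string match on a full URL misses any variation in scheme, port or query string.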
