TeamPCP

Also known as: TeamPCP

Known aliases: 1

Profile

TeamPCP is a threat actor that has executed a coordinated series of supply chain attacks, compromising widely used open-source tools such as Trivy, KICS, and LiteLLM to deploy credential-stealing malware. The group has employed techniques such as credential harvesting, lateral movement within Kubernetes environments, and audio steganography to evade detection. It has demonstrated the ability to leverage stolen credentials to propagate attacks across multiple ecosystems, including npm and PyPI, using a self-propagating worm known as CanisterWorm. Its operations have included the use of AES-256 encryption and RSA-4096 for the exfiltration of sensitive data.

Aliases (1): TeamPCP

References

  1. https://www.trendmicro.com/en_us/research/26/c/teampcp-telnyx-attack-marks-a-shift-in-tactics.html
  2. https://www.trendmicro.com/en_us/research/26/c/inside-litellm-supply-chain-compromise.html
  3. https://tracebit.com/blog/detecting-cicd-supply-chain-attacks-with-canary-credentials

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. TeamTNT (Actor)
  2. ProCC (Actor)
  3. TRIPLESTRENGTH (Actor)
  4. UNC6426 (Actor)
  5. DarkPink (Actor)
  6. Lilac Typhoon (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.