logo

FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials

ID: 92807029-e78f-5063-9fc2-b8f58fb3c7cb

STIX ID: report--92807029-e78f-5063-9fc2-b8f58fb3c7cb

Feed Name: Security Affairs

Threat Score
90/100

Date Published: 2026-07-04

Date Updated: 2026-07-04

Author: Pierluigi Paganini

...
...

The FBI alert details TeamPCP’s large-scale supply chain campaign in which attackers trojanized trusted developer/security tools (e.g., Trivy, KICS, LiteLLM, Telnyx SDK) to install credential-stealing malware and self-replicating worms that propagated across npm and PyPI, exfiltrated cloud credentials and secrets, and enabled extortion and data leakage; the alert includes IoCs (IPs, hashes, domains, CVEs) and mitigation guidance such as pinning CI workflows, rotating secrets, enforcing least-privilege, and requiring phishing-resistant MFA.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.