FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials
ID: 92807029-e78f-5063-9fc2-b8f58fb3c7cb
STIX ID: report--92807029-e78f-5063-9fc2-b8f58fb3c7cb
Feed Name: Security Affairs
The FBI alert details TeamPCP’s large-scale supply chain campaign in which attackers trojanized trusted developer/security tools (e.g., Trivy, KICS, LiteLLM, Telnyx SDK) to install credential-stealing malware and self-replicating worms that propagated across npm and PyPI, exfiltrated cloud credentials and secrets, and enabled extortion and data leakage; the alert includes IoCs (IPs, hashes, domains, CVEs) and mitigation guidance such as pinning CI workflows, rotating secrets, enforcing least-privilege, and requiring phishing-resistant MFA.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
