FBI Says TeamPCP Uses Trojanized Updates to Steal Cloud Tokens, SSH Keys, and Kubernetes Secrets
ID: b31d3725-5cff-5610-a945-65ec360414c2
STIX ID: report--b31d3725-5cff-5610-a945-65ec360414c2
Feed Name: GBHackers
The FBI warns that TeamPCP conducted a sophisticated 2026 software supply-chain campaign by injecting malicious code into widely used tooling (notably Trivy, KICS, LiteLLM, and the Telnyx Python SDK) to harvest cloud access tokens, SSH keys, Kubernetes secrets and LLM API keys at scale; multiple self-propagating malware components exfiltrated encrypted credentials across npm/PyPI and CI/CD environments, with technical indicators and immediate mitigation steps (rotate secrets, pin to commit SHAs, enforce least privilege and phishing-resistant MFA, and search for repos created by the worm) provided.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
