logo

TeamPCP Supply Chain Campaign: A March 2026 Retrospective

ID: 6a17e7d8-c0c9-5aa7-9d64-027217ea28a0

STIX ID: report--6a17e7d8-c0c9-5aa7-9d64-027217ea28a0

Feed Name: OpenSourceMalware Blog

Threat Score
92/100

Date Published: 2026-03-26

Date Updated: 2026-06-20

Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e

...
...

TeamPCP executed a high-speed, multi-phase supply-chain campaign in March 2026 that began with a stolen Trivy CI PAT and led to poisoned GitHub Actions, malicious releases across GitHub Releases, Docker registries, npm and PyPI packages (including litellm and telnyx), internal org defacements, and credential exfiltration to attacker-controlled C2 infrastructure; the operation combined automated propagation (CanisterWorm), credential harvesting, package backdoors/stealers, and a geotargeted Iran wiper, with numerous IOCs and remediation guidance provided.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.