Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
ID: 3284f7d1-b718-563c-810a-dfacaa7d6839
STIX ID: report--3284f7d1-b718-563c-810a-dfacaa7d6839
Feed Name: Palo Alto Networks Unit 42
Between February and March 2026, threat actor TeamPCP executed a large-scale supply chain campaign that poisoned CI/CD and package repositories (GitHub Actions, npm, PyPI) for widely used tools — including Aqua Security Trivy, Checkmarx KICS, BerriAI LiteLLM, and the Telnyx Python SDK — to deploy an infostealer and a self-replicating CanisterWorm with wiper capabilities; the operation harvested cloud tokens, SSH keys, Kubernetes secrets, and reportedly exfiltrated hundreds of gigabytes and credentials from hundreds of thousands of machines, while the report provides IoCs, detection queries, and recommended CI/CD and cloud hardening steps.
