
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim (Fri, Mar 27th)

ID: 07a1b91a-8c31-5cbb-9800-2cf16278bdcb

STIX ID: report--07a1b91a-8c31-5cbb-9800-2cf16278bdcb

Feed Name: SANS ISC Diary

Threat Score
90/100

Date Published: 2026-03-27

Date Updated: 2026-04-19

...
...

This update describes the TeamPCP supply-chain campaign, which compromised high-value PyPI packages (notably LiteLLM and Telnyx), introduced a new WAV audio steganography technique to hide payloads, and deployed platform-specific payloads (a Windows startup binary and a Linux/macOS credential harvester). Forensic vendors confirmed reuse of the group's earlier exfiltration patterns and RSA-4096 keys; PyPI quarantined the malicious versions. The report warns that TeamPCP is distributing the stolen credentials broadly and has partnered with Vect ransomware and BreachForums to mobilize affiliates. It lists specific IOCs (C2 domains, persistence paths, unexpected .wav files, msbuild.exe in the Startup folder, Kubernetes pod names) and provides remediation guidance, including credential rotation and hunting for the named artifacts.
