TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments (Fri, Apr 3rd)

ID: 94c234b3-4cf3-5494-a02b-20e138532547

STIX ID: report--94c234b3-4cf3-5494-a02b-20e138532547

Feed Name: SANS ISC Diary

Threat Score
92/100

Date Published: 2026-04-03

Date Updated: 2026-04-19

This update, covering April 1-3, 2026, documents major developments in the TeamPCP supply-chain campaign. CERT-EU confirmed that the European Commission's AWS environment was compromised via the Trivy supply-chain vulnerability (CVE-2026-33634), with 340 GB exfiltrated and 71 clients impacted. The Sportradar incident was attributed to a joint TeamPCP/Vect operation that exposed extensive client and credential data. Mandiant and others quantify the campaign's impact at 1,000+ SaaS environments and up to ~500,000 machines. The update also describes new IOCs and container TTPs (frps, gost, React2Shell) and the legal and notification consequences (the Mercor class action, data published by ShinyHunters). It recommends rotating credentials and remediating Trivy by moving to patched versions.