TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released (Mon, Mar 30th)
ID: a2f40930-4bb3-52e5-8088-6c99107e6a39
STIX ID: report--a2f40930-4bb3-52e5-8088-6c99107e6a39
Feed Name: SANS ISC Diary
This update on the TeamPCP supply-chain campaign reports a shift from package poisoning to large-scale credential monetization: investigators allege Databricks may be a downstream victim of a ~300 GB credential trove, TeamPCP is both operating an in-house ransomware (CipherForce) and using the Vect affiliate channel, and LAPSUS$ reportedly released AstraZeneca data publicly after failed extortion. The report also documents downstream disclosures (ownCloud), a pause in new package compromises, and recommendations for monitoring shared RSA-4096 keys, rotating exposed credentials, and completing remediation before the CISA KEV deadline.
