TeamPCP malware is now the focus of an FBI investigation after a series of supply chain attacks compromised more than 1,000 cloud environments and stole vast amounts of sensitive data.
The FBI has issued a Flash alert detailing the group’s tactics, malware, and infrastructure. The agency is also urging organizations to strengthen their software supply chains and report suspected TeamPCP activity.
According to the bureau, the threat actor has carried out large-scale compromises by targeting trusted developer and security tools. The attacks allowed the group to steal cloud access tokens, SSH keys, Kubernetes secrets, API keys, and other sensitive credentials.
TeamPCP Shifted From React2Shell to Supply Chain Attacks
TeamPCP first gained attention in December 2025 during a widespread campaign exploiting the React2Shell vulnerability.
Since then, the group has shifted its focus toward software supply chain attacks. Instead of targeting individual organizations, the attackers compromised trusted software packages used by thousands of developers.
The FBI says the group inserted malicious code into legitimate software distribution channels. Trojanized package updates were then downloaded by unsuspecting users before developers removed the compromised releases.
FBI Identifies Four Malware Families
The FBI attributes four malware families to TeamPCP malware.
CanisterWorm collects cloud access tokens, API keys, credentials, and secrets linked to AWS, Google Cloud, Microsoft Azure, and other cloud platforms.
SANDCLOCK focuses on stealing AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and cryptocurrency wallet information.
Mini Shai-Hulud is a self-replicating supply chain worm capable of spreading across both npm and PyPI.
Miasma expands on that functionality by propagating through open-source registries while harvesting credentials and modifying configuration files.
The FBI also says TeamPCP tampered with several widely used developer tools, including Trivy, KICS, LiteLLM, and the Telnyx Python SDK.
FBI Urges Organizations to Strengthen Defenses
The advisory includes several recommendations to reduce the risk of compromise.
Organizations should pin GitHub Actions workflows to verified commit SHA hashes instead of floating version tags. The FBI also recommends enforcing least-privilege access for CI/CD service accounts and registry publishing tokens.
Additional guidance includes enabling multi-factor authentication, reviewing repositories for signs of compromise, and monitoring development environments for suspicious activity.
Sophos Links TeamPCP to Vect Ransomware
Sophos has published a separate investigation into TeamPCP malware and says the group has partnered with the Vect ransomware operation.
According to the company, TeamPCP compromised four widely deployed security and AI software packages. The attackers also spread a self-propagating worm through more than 48 npm packages.
Sophos estimates the campaign affected more than 1,000 enterprise SaaS environments.
Researchers say approximately 300GB of compressed data was stolen during the attacks. The haul reportedly included around 500,000 individual credential sets.
AI Helps Scale the Attacks
Sophos says TeamPCP makes heavy use of AI tools while developing its malware.
Although the malicious code often contains programming mistakes, researchers warn that automation allows the group to launch attacks much faster and on a much larger scale.
Stolen credentials obtained through software supply chain attacks can later be used to deploy ransomware across compromised environments.
Researchers recommend verifying third-party software dependencies before deployment and continuously monitoring development pipelines for unauthorized changes.


0 responses to “FBI Warns of TeamPCP Supply Chain Attacks After Over 1,000 Cloud Environments Breached”