Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Government & Policy » FBI Warns TeamPCP is Compromising Trusted Developer Tools in Supply Chain Attacks

FBI Warns TeamPCP is Compromising Trusted Developer Tools in Supply Chain Attacks

Last updated:July 6, 2026
Human Written
  • The FBI says TeamPCP turned trusted developer tools into attack tools. The group didn’t directly attack companies, but rather spread malware through normal software updates by embedding malicious code inside widely used software packages.

  • The attackers wanted long-term access to cloud environment. They managed to grab cloud credentials, SSH keys, Kubernetes secrets, and API tokens, the kind you can use for months after breaking in.

  • The threat extends beyond the first breach. The FBI says TeamPCP shared stolen data with other cybercriminal groups, increasing the chances of future attacks and extortion.

FBI Warns TeamPCP Is Compromising Trusted Developer Tools in Supply Chain Attacks

The FBI warns against the activities of a cybercrime group called TeamPCP. The hackers often compromise developer and security tools and use them to commit credential theft, spread malware and access corporate networks.

A July 2 FBI FLASH Alert revealed that TeamPCP is carrying out supply chain attacks on legitimate software that developers use daily. Instead of hacking into networks, they go after the software for building, testing, and deploying apps.

Trusted Tools Became the Attack Path

FBI reports suggest that the hackers injected malware into legitimate software packages before they got to users.

The group targeted four very popular projects, including Trivy, a scanner for detecting vulnerabilities in container images. They also attacked KICS, an infrastructure-as-code security scanner, LiteLLM, an AI model routing library, and the Telnyx Python SDK. All of these are commonly used by companies in software development and security testing.

The deception tactics extend to other areas; hackers have been using SEO poisoning to promote fake VPN apps that steal corporate credentials.

By infecting only a few number of projects, the hackers have managed to infect many companies through one package alone.

The attack began in the month of March 2026 and progressed very rapidly. First, TeamPCP managed to infect Trivy by using stolen credentials to inject malware into its GitHub repository.

Four days later, the group used credentials harvested from that breach to attack Checkmarx KICS. On March 24, they poisoned LiteLLM, and on March 27, they hit the Telnyx Python SDK. The cascade spread across multiple ecosystems in just eight days.

Multiple Malware Families Supported the Campaign

The FBI linked four malware families to the operation, each serving a different purpose. CanisterWorm collected cloud credentials, API keys, and access tokens for Amazon Web Services, Google Cloud Platform, and Microsoft Azure. SANDCLOCK targeted AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and even cryptocurrency wallet information.

Mini Shai-Hulud acted as a self-replicating worm that spread through both npm and PyPI repositories. Miasma, a variant of Mini Shai-Hulud, also spread through open-source package registries while harvesting credentials and modifying configuration files.

The FBI said the worm capability made the campaign especially dangerous. It could continue spreading after the initial compromise, reaching additional developers and organizations automatically.

The campaign’s scale was massive. According to reports, TeamPCP has stolen data from over 500,000 infected devices. In addition, they’ve snatched more than 300 gigabytes of confidential information. They’ve broken into about 10,000 CI/CD pipelines and stolen credentials from more than 1,000 SaaS environments.

Attackers also Targeted Forgotten npm Accounts

One of the most unusual techniques the alert described involved taking over npm maintainer accounts through expired recovery email domains. The FBI said some developers created npm accounts years ago using work email addresses tied to domains that later expired.

In case these names became available again, the attackers could use these names, reset passwords, and hack into package maintainers’ accounts. That would enable the attackers to create fake versions of legitimate packages using the real developers’ names.

Also, the FBI tracked down two GitHub repositories tied to the campaign: tpcp-docs and docs-tpcp. The agency said organizations finding either repository inside their GitHub environment should treat it as a sign that attackers created it using stolen credentials.

Stolen Credentials Remain a Long-Term Threat

The FBI warned organizations not to assume the danger ends once malware is removed. According to the agency, any credentials exposed during the campaign should be considered permanently compromised because they may already have been shared with other criminal groups or stored for future use.

The alert also said TeamPCP engaged in extortion by publishing victim names on a public leak site and threatening to release stolen information.

Researchers have suggested that this threat group has been working in conjunction with other cybercrime groups, such as the Vect ransomware gang, making it more likely that stolen data will be in circulation for many months, if not years, to come following the initial breach.

FBI Urges Immediate Security Review

These are some actions the FBI suggests to decrease exposure: organizations need to pin workflows of GitHub Actions to commit SHA hashes rather than use versions, reset credentials and CI/CD secrets potentially leaked to the public, and apply multi-factor phishing-resistant authentication to those who have access to code repositories and package registries.

There is more on what the FBI recommends, including: granting least privilege permissions for service accounts, using temporary credentials instead of secrets, storing secrets in special secret managers, and checking repositories for exposed secrets.

To reduce the chance of installing newly poisoned packages, the FBI advises organizations to delay automatic adoption of newly published packages by at least seven days, giving the security community time to identify and report malicious releases. Runtime monitoring of CI/CD systems can also help detect unexpected outbound network activity before attackers steal additional data.

Organizations that believe they were affected should preserve CI/CD logs, network logs, package version information, compromised credentials, and any extortion messages before reporting the incident to their local FBI field office or the Internet Crime Complaint Center.

Share this article

About the Author

Memchick E

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.

View all posts by Memchick E >
Comments (0)

No comments.