At a glance
| Item | Detail |
|---|---|
| Actor | TeamPCP |
| Activity type | Software supply chain compromise |
| Targets | Enterprise developers, security tools |
| Scale | Large-scale access and credential theft |
| Jurisdiction | FBI investigating |
| Source | FBI FLASH Alert |
TL;DR
The FBI released an urgent alert regarding a major TeamPCP supply chain attack. Suspected cybercriminals are actively targeting popular development and security tools. They inject malicious code into trusted software channels to steal highly sensitive credentials.
What happened
In 2026, suspected threat actors compromised several trusted software distribution channels. The attackers injected malicious code into legitimate packages. They targeted security tools like Trivy and KICS. Furthermore, they modified developer tools such as LiteLLM and the Telnyx Python SDK. This activity caused a significant software supply chain compromise.
The attackers deployed multiple credential-stealing malware strains. According to the alert, this “allowed the threat actors to push trojanized updates that appeared normal but secretly installed credential-stealing malware and persistent backdoors.” They used specific tools named CanisterWorm and SANDCLOCK. Additionally, they deployed self-replicating worms across npm and PyPI registries. These worms are known as Mini Shai-Hulud and Miasma.
CanisterWorm harvests sensitive information from various cloud services. It targets Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Meanwhile, SANDCLOCK extracts local environment variables and cryptocurrency wallet data. The attackers even exploited known vulnerabilities. Specifically, they targeted flaws like CVE-2026-33634 and CVE-2025-55182.
Who is behind it
Authorities attribute this campaign to a cybercriminal group known as TeamPCP. The FBI expressed high confidence in this attribution in its recent FLASH report. Moreover, the group frequently engages in digital extortion. They reportedly collaborate with other cybercriminal actors. TeamPCP publishes victim names on public leak sites and threatens to expose stolen data.
Impact or scale
The TeamPCP supply chain attack severely impacts enterprise development pipelines globally. The attackers actively harvest sensitive cloud access tokens, SSH keys, and Kubernetes secrets. Consequently, these compromises allow actors to gain deep, persistent access to victim environments. The potential operational scale of this threat is massive.
The FBI warns that organizations must treat exfiltrated data as a permanent risk. The alert states that “affiliated threat actors are likely to weaponize them long after the initial compromise.” As a result, this theft creates severe secondary risks for downstream systems. Attackers can reuse stolen tokens to launch further attacks across different platforms.
What comes next
Network defenders must act quickly to mitigate unauthorized access. First, you should pin all GitHub Actions workflows to verified commit hashes. Additionally, rotate all CI/CD secrets and cloud credentials immediately. The FBI urges teams to implement behavioral monitoring for all CI/CD pipelines.
Next, you need to enforce strict multi-factor authentication for code repository access. You must audit npm maintainer accounts for expired recovery email domains. Furthermore, search your GitHub repositories for suspicious names like ‘tpcp-docs’ or ‘docs-tpcp’. Attackers use these specific names to exfiltrate data.
Finally, enforce a minimum package age threshold of seven days. This delay reduces exposure to newly published malicious versions. Report any suspected TeamPCP intrusions to the FBI Internet Crime Complaint Center immediately.
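Two of the recommended controls above, scripted as an added example (not code from the FBI alert): flagging GitHub Actions `uses:` references that are not pinned to a full commit SHA, and selecting the newest npm version that is at least seven days old from a registry packument's "time" map. The workflow text, the commit SHA and the registry timestamps are constructed sample data.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

SHA_RE = re.compile(r"^[0-9a-f]{40}$")               # full commit SHA
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")  # a `uses:` step line
MIN_AGE_DAYS = 7  # package age threshold recommended in the alert

def unpinned_actions(workflow_yaml: str) -> List[str]:
    """Return `uses:` refs not pinned to a 40-hex commit SHA (tags/branches)."""
    findings = []
    for line in workflow_yaml.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("\"'")
        if ref.startswith(("./", "docker://")):  # local/container refs carry no SHA pin
            continue
        _, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append(ref)
    return findings

def _ts(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def newest_mature_version(times: Dict[str, str], now_iso: str) -> Optional[str]:
    """From a registry packument's "time" map ({version: ISO timestamp}), return
    the newest version published at least MIN_AGE_DAYS before now_iso, or None."""
    cutoff = _ts(now_iso) - timedelta(days=MIN_AGE_DAYS)
    mature = [(_ts(s), v) for v, s in times.items()
              if v not in ("created", "modified") and _ts(s) <= cutoff]
    return max(mature)[1] if mature else None

# Constructed sample inputs (not real workflow, SHA or registry data).
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""
SAMPLE_TIMES = {"created": "2026-01-01T00:00:00.000Z", "1.0.0": "2026-01-01T00:00:00.000Z",
                "1.1.0": "2026-03-01T00:00:00.000Z", "1.1.1": "2026-03-09T12:00:00.000Z",
                "modified": "2026-03-09T12:00:00.000Z"}

if __name__ == "__main__":
    print(unpinned_actions(SAMPLE_WORKFLOW))                            # ['actions/checkout@v4']
    print(newest_mature_version(SAMPLE_TIMES, "2026-03-12T00:00:00Z"))  # 1.1.0
```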