TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
Happening score
H score 15
2 unique sources, 2 articles

Summary

TeamPCP and the Vect ransomware group are linking supply-chain compromises to follow-on ransomware campaigns, broadening extortion risk for affected organizations. The shift matters because stolen access and secrets can now be reused as part of a coordinated monetization path. It also signals a more mature affiliate-style ransomware ecosystem around developer-tool compromises.

Related Happenings

TrapDoor cross-ecosystem supply-chain campaign

Campaign
First: 25.05.2026 08:59 Last: 25.05.2026 08:59 Sources 1

About this happening: The **TrapDoor** supply-chain campaign has expanded across **npm, PyPI, and Crates.io**, using **34+ malicious packages** to steal developer secrets and credentials. The operation...

TeamPCP supply-chain ecosystem shift and extortion partnerships

Threat Actor Meta
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: **TeamPCP** has expanded its supply-chain abuse model across open-source ecosystems, raising the risk of downstream compromise and extortion at scale. The group has **corrupted hu...

TeamPCP uses Shai-Hulud release to build access-broker monetization pipeline

Threat Actor Meta
First: 18.05.2026 22:53 Last: 18.05.2026 22:53 Sources 1

About this happening: **TeamPCP** is being framed as using the **Shai-Hulud** source-code release to drive an **access broker** business, turning worm distribution into a credential-monetization pipeli...

TeamPCP campaign expands across multiple victims

Campaign
First: 15.05.2026 13:54 Last: 15.05.2026 13:54 Sources 1

About this happening: The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...

Hugging Face shared-loader supply chain campaign

Campaign
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....

Timeline

  1. 31.03.2026 15:15 2 articles · 1mo ago

    TeamPCP monetizes stolen secrets and aligns with extortion groups

    Initial Disclosure

    Wiz reported that TeamPCP was exploring ways to monetize stolen supply-chain secrets, including cloud credentials, SSH keys, Kubernetes configuration files, and other coding process secrets, while validating, encrypting, and exfiltrating them to attacker-controlled domains. Wiz also said TeamPCP was explicitly collaborating with Lapsus$ and that the activity reflected a broader convergence between supply-chain attackers and extortion-focused ransomware operations.
