TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
Summary
Hide ▲
Show ▼
TeamPCP and Vect ransomware group are linking supply-chain compromises to follow-on ransomware campaigns, broadening extortion risk for affected organizations. The shift matters because stolen access and secrets can now be reused as part of a coordinated monetization path. It also signals a more mature affiliate-style ransomware ecosystem around developer-tool compromises.
Related Happenings
Pink new extortion brand within The Com
Threat Actor Meta
H score30
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Pink new extortion brand within The Com
Threat Actor MetaAbout this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor Meta
H score39
First: 03.07.2026 16:00
Last: 03.07.2026 16:00
Sources 1
About this happening:
**Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor MetaAbout this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor Meta
H score67
First: 03.07.2026 14:30
Last: 03.07.2026 14:30
Sources 1
About this happening:
**Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor MetaAbout this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Ghost Networks crypto-clipper promotion campaign
Campaign
H score15
First: 17.06.2026 21:14
Last: 17.06.2026 21:14
Sources 1
About this happening:
**Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...
Ghost Networks crypto-clipper promotion campaign
CampaignAbout this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor Meta
H score26
First: 10.06.2026 17:03
Last: 10.06.2026 17:03
Sources 1
About this happening:
**The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
Timeline
-
31.03.2026 15:15 2 articles · 3mo ago
TeamPCP monetizes stolen secrets and aligns with extortion groups
Initial DisclosureWiz reported that TeamPCP was exploring ways to monetize stolen supply-chain secrets, including cloud credentials, SSH keys, Kubernetes configuration files, and other coding process secrets, while validating, encrypting, and exfiltrating them to attacker-controlled domains. Wiz also said TeamPCP was explicitly collaborating with Lapsus$ and that the activity reflected a broader convergence between supply-chain attackers and extortion-focused ransomware operations.
Show sources
- TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets — www.infosecurity-magazine.com — 31.03.2026 15:15
- Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error — www.darkreading.com — 29.04.2026 18:23