Signal

TeamPCP expands supply chain attacks targeting security infrastructure and cloud environments


Source types: reddit, rss
Tags: cve, exploits, malware, threat_actors, incident_response, security_tooling
Trend in the last 24h
Top sources
  • Palo Alto Networks Unit 42
    unit42.paloaltonetworks.com
  • TeamPCP Moves From OSS to AWS Environments
    SecurityWeek
  • TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
    Infosecurity Magazine
  • IoCs and detection logic for your alert stack (via Reddit)
    TeamPCP supply chain campaign
Overview

The hacking group TeamPCP has intensified its supply chain attacks, targeting security infrastructure and cloud environments.

Entities
Vect ransomware group, Lapsus$, TeamPCP
Score total: 1.74
Momentum 24h: 4
Posts: 4
Origins: 4
Source types: 2
Duplicate ratio: 0%
Why now
  • Recent activity shows TeamPCP shifting tactics and expanding targets to AWS environments.
  • New detection indicators provide defenders timely intelligence to identify and mitigate attacks.
  • The group's collaboration with ransomware gangs raises urgency for proactive defense measures.
Why it matters
  • Supply chain attacks compromise trusted software and infrastructure, increasing risk to organizations.
  • TeamPCP's move into cloud environments expands the attack surface and potential impact.
  • Partnerships with ransomware groups indicate increased monetization and threat sophistication.
LLM analysis
Topic mix: low; Promo risk: low; Source quality: high
Recurring claims
  • TeamPCP is conducting multi-stage supply chain attacks targeting security infrastructure and cloud environments.
  • TeamPCP has partnered with the Vect ransomware group and has ties to Lapsus$ to monetize stolen supply chain secrets.
  • Detection of TeamPCP activity involves monitoring DNS queries, base64 decoding processes, suspicious Kubernetes pod creations, and cloud metadata access.
How sources frame it
  • Palo Alto Networks Unit 42: neutral
All evidence
Top publishers (this list)
  • unit42.paloaltonetworks.com (1)
  • SecurityWeek (1)
  • Infosecurity Magazine (1)
  • TeamPCP supply chain campaign (1)
Top origin domains (this list)
  • Unknown (4)