TeamPCP
TeamPCP is a financially motivated cybercriminal group active since late 2025, specialising in software supply chain attacks targeting developer tooling, open source packages, and CI/CD infrastructure. The group has conducted sustained attack campaigns against GitHub, PyPI, npm, and Docker registries, embedding credential-stealing malware into widely used open source tools including Trivy, LiteLLM, TanStack, and Checkmarx components. TeamPCP operates a worm-based propagation framework (Shai-Hulud / Mini Shai-Hulud) and has established partnerships with BreachForums and DragonForce ransomware. Victims include GitHub, OpenAI, Mistral AI, and the European Commission. Attribution remains unresolved — operators are English-speaking with no confirmed nation-state affiliation.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Attribution signals
76 mentions · 16 sources
"This attack is attributed to the hacker group TeamPCP"
"The campaigns were attributed to the TeamPCP hacker group."
"In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index"
"Analysis confirmed it was supply chain poisoning on PyPI by the TeamPCP group."
"A similar capability was observed in the payload delivered in the TanStack attack attributed to TeamPCP"
"the chalk-tempalte package contains a clone of the Shai-Hulud malware attributed to the TeamPCP hacker group that is responsible for the recent Mini Shai-Hulud software supply-chain attack"
"the TeamPCP group launched a new wave of the Mini Shai-Hulud worm, compromising legitimate npm packages through hijacked GitHub Actions OIDC tokens"
"threatened to leak the Mistral AI source code stolen using compromised CI/CD credentials"
"the TeamPCP hacking group abused weaknesses in the package publishing process to distribute 84 malicious packages tied to the TanStack open source development ecosystem"
"TeamPCP exploited every layer of that trust, starting with a single compromised identity"
"In March, the hacker group also compromised Aqua Security's Trivy vulnerability scanner, which is believed to have led to cascading compromises affecting Aqua Security Docker images and the Checkmarx KICS project"
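The profile above describes malicious npm packages published under names that imitate legitimate ones (the quoted `chalk-tempalte` is a transposed-letter clone of `chalk-template`). A defender's first check is to scan a project's lockfile for names that are one edit away from packages the team actually relies on. The script below is an added example, not code from the page or from any vendor it cites; the reference list, the `package-lock.json` fragment and the package versions in it are constructed for the demonstration, and the distance threshold of one edit is an assumption a real deployment would tune.

```python
"""Flag likely typosquat / clone packages in an npm package-lock.json (v2/v3 format).

Added example. The lockfile content and the reference list below are constructed;
a real deployment would load the reference names from an internal allow-list.
"""
import json

# Constructed reference list: package names the project is known to depend on.
REFERENCE_NAMES = {"chalk", "chalk-template", "lodash", "express", "react", "axios"}

# Constructed lockfileVersion 3 fragment. "chalk-tempalte" mirrors the clone name
# quoted on the page; "expres" is a constructed one-character-deletion lookalike.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/chalk": {"version": "5.3.0"},
        "node_modules/chalk-tempalte": {"version": "1.0.1"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/@scope/thing": {"version": "0.1.0"},
        "node_modules/lodash/node_modules/expres": {"version": "4.18.0"},
    },
})


def lockfile_package_names(lockfile_text):
    """Return the set of package names from the 'packages' map of a v2/v3 lockfile.

    Keys look like 'node_modules/<name>' or '<parent>/node_modules/<name>', where
    <name> may be scoped ('@scope/pkg'); the empty key is the root project itself.
    """
    data = json.loads(lockfile_text)
    names = set()
    marker = "node_modules/"
    for path in data.get("packages", {}):
        idx = path.rfind(marker)
        if not path or idx == -1:
            continue
        names.add(path[idx + len(marker):])
    return names


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def find_lookalikes(names, reference=REFERENCE_NAMES, max_distance=1):
    """Map each installed name that is within max_distance edits of a reference
    name, but is not itself a reference name, to the name it resembles."""
    hits = {}
    for name in names:
        if name in reference:
            continue
        for ref in reference:
            if damerau_levenshtein(name, ref) <= max_distance:
                hits[name] = ref
                break
    return hits


def scan_lockfile(lockfile_text):
    """Convenience wrapper: lockfile text in, {suspicious_name: resembled_name} out."""
    return find_lookalikes(lockfile_package_names(lockfile_text))


if __name__ == "__main__":
    for pkg, ref in sorted(scan_lockfile(SAMPLE_LOCKFILE).items()):
        print(f"suspicious: {pkg} (looks like {ref})")
```

Nested `node_modules` paths are handled by taking the name after the last `node_modules/` segment, so a lookalike pulled in transitively is flagged just like a direct dependency. A hit is a prompt to inspect the package, not proof of compromise: the same check will flag a legitimate fork whose name happens to sit one edit from a popular package.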
Hedge terms observed