TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

2026-03-31 · Read original ↗

ATT&CK techniques detected

4 predictions
T1195.001Compromise Software Dependencies and Development Tools
95%
"security, by injecting credential - stealing malware into official releases and github actions. teampcp subsequently injected the same malware into checkmarx ' s kics scanner through github actions and openvsx extensions. later, researchers discovered teampcp targeted litellm ai …"
T1195.001Compromise Software Dependencies and Development Tools
95%
"partnering with teampcp, the operators behind the latest trivy / litellm supply chain compromises. together, we are ready to deploy ransomware across all affected companies that got hit by these attacks, and we won ' t stop there. we will pull off even bigger supply chain operati…"
T1486Data Encrypted for Impact
56%
"##ion group lapsus $ to perpetuate the chaos. " lapsus $ is an extortion - focused hacking group known for high - profile breaches via social engineering and credential theft, with suspected tactical overlaps – but no confirmed organizational ties – to scattered spider and shinyh…"
T1195.001Compromise Software Dependencies and Development Tools
38%
"teampcp explores ways to exploit stolen supply chain secrets researchers have observed a “ dangerous convergence ” between supply chain attackers and extortion gangs like lapsus $ as teampcp looks to exploit stolen credentials. in a new report published on march 30, security rese…"

Summary

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs