T1195.001 Compromise Software Dependencies and Development Tools
99%
"teampcp targets telnyx package in latest pypi software supply chain attack teampcp has again expanded its supply chain attacks on open-source repositories by targeting telnyx, according to security researchers. the cyber threat group recently rose to notoriety by uploading mali…"
T1195.001 Compromise Software Dependencies and Development Tools
98%
"pipeline simply installing or updating the package would trigger the attack without needing to import or run any of the package's actual functionality. endor labs researchers confirmed socket’s findings and further explained that the threat actor gained the ability to publish…"
T1195.001 Compromise Software Dependencies and Development Tools
96%
"for phone calls, sms, mms and other telecom services. teampcp’s telnyx compromise campaign explained on march 27, researchers from both socket and endor labs published findings revealing that the official telnyx python software development kit (sdk) had been compromised in a …"
T1195.001 Compromise Software Dependencies and Development Tools
94%
"data exfiltration was performed over http to an external endpoint controlled by the attacker. telnyx campaign reflects teampcp's growing sophistication endor labs researchers emphasized that the pattern exhibited by teampcp reflects a maturation in supply chain attack methodolo…"
T1195.002 Compromise Software Supply Chain
75%
"data exfiltration was performed over http to an external endpoint controlled by the attacker. telnyx campaign reflects teampcp's growing sophistication endor labs researchers emphasized that the pattern exhibited by teampcp reflects a maturation in supply chain attack methodolo…"
T1195.002 Compromise Software Supply Chain
49%
"pipeline simply installing or updating the package would trigger the attack without needing to import or run any of the package's actual functionality. endor labs researchers confirmed socket’s findings and further explained that the threat actor gained the ability to publish…"
T1195 Supply Chain Compromise
43%
"data exfiltration was performed over http to an external endpoint controlled by the attacker. telnyx campaign reflects teampcp's growing sophistication endor labs researchers emphasized that the pattern exhibited by teampcp reflects a maturation in supply chain attack methodolo…"
T1486 Data Encrypted for Impact
41%
"data exfiltration was performed over http to an external endpoint controlled by the attacker. telnyx campaign reflects teampcp's growing sophistication endor labs researchers emphasized that the pattern exhibited by teampcp reflects a maturation in supply chain attack methodolo…"
T1204.005 Malicious Library
34%
"for phone calls, sms, mms and other telecom services. teampcp’s telnyx compromise campaign explained on march 27, researchers from both socket and endor labs published findings revealing that the official telnyx python software development kit (sdk) had been compromised in a …"
Summary
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware.