TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

СLOUD SECURITY CYBER RISK CYBERATTACKS & DATA BREACHES THREAT INTELLIGENCE NEWS TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. Rob Wright,Senior News Director,Dark Reading March 31, 2026 3 Min Read SOURCE: RANCZ ANDREI VIA ALAMY STOCK PHOTO TeamPCP is weaponizing the fruits of its extensive supply chain attacks, using stolen credentials to access cloud and software-as-a-service (SaaS) environments. The threat group this month compromised several open source software projects, starting with Trivy, an Aqua Security-maintained security scanner, and KICS, a Checkmarx-developed tool for static code analysis. More recently, TeamPCP actors hit LiteLLM, an open source Python library, and the PyPi package of Telnyx, which developers use for voice AI agents. The goal was the same across all four attack campaigns — use poisoned, open source software to deploy infostealer malware in organizations and harvest user credentials, API keys, SSH keys, and other secrets. Now, TeamPCP has set its sights on bigger fish by using the stolen credentials to breach AWS and Azure environments as well as SaaS instances. The escalation has put a premium on fast responses to the supply chain attacks, as those organizations that failed to quickly rotate and revoke credentials could be sitting ducks for attackers. Related:CSA Launches CSAI Foundation for AI Security TeamPCP Rolls On With Cloud Attacks In a blog post yesterday, Wiz Research detailed how the company's customer incident response team (CIRT) investigated and responded to "multiple attacks" from TeamPCP following the supply chain compromises.  The Wiz CIRT first detected malicious use of stolen credentials on March 19, in which threat actors used the Trufflehog open source tool to validate those credentials. The team observed Trufflehog validation activity for AWS access keys, Azure application secrets, and various SaaS tokens.  In the AWS compromises, the Wiz CIRT noticed the threat actors wasted little time in weaponizing the stolen credentials and secrets. "After the secrets were validated, and as quickly as 24 hours after the initial theft, the threat actor began performing AWS discovery operations," the researchers wrote. TeamPCP conducted extensive enumeration in victims' AWS environments, collecting data on everything from identity and access management roles to S3 buckets, with a special focus on mapping Amazon Elastic Container Service (ECS) instances.  From there, the attackers exfiltrated data from S3 buckets and AWS Secrets Manager, among other resources, and abused the ECS Exec feature to run Bash commands and Python scripts on running containers. Wiz researchers said this gave the threat actors the ability to further explore the environment and exfiltrate additional sensitive data. It's unclear how many cloud environments have been compromised by TeamPCP attacks. Wiz Research tells Dark Reading that it does not provide figures on impacted environments.  Related:Native Launches With Security Control Plane for Multicloud "What we can share is that our research shows this activity isn't limited to a single cloud," Wiz Research says. "We've observed compromises across Azure, GitHub, and other SaaS providers, reflecting how attackers reuse validated credentials across environments." The Need For Speed In addition to the compromised AWS environments, the Wiz CIRT also tracked malicious activity in GitHub, where TeamPCP actors abused the platform's workflows to execute code in targeted repositories. The threat actors also abused GitHub Personal Access Tokens to create cloned repositories at scale, the researchers said.  The escalating attacks show that TeamPCP prioritizes speed rather than subtly and stealth, according to Wiz. The campaigns also demonstrate the importance of a fast response to incidents involving compromised credentials.  "Our analysis shows TeamPCP moved quickly to validate and weaponize stolen credentials," Wiz Research says. "At the same time, organizations that acted fast to revoke or rotate access were able to limit the blast radius." Organizations that may have been impacted by the supply chain attacks on Trivy, KICS, LiteLLM, and Telnyx should rotate all secrets and credentials. Since it's possible that TeamPCP threat actors may have gained access to cloud instances before the credentials, Wiz researchers recommend that organizations hunt for suspicious and anomalous activity in their environments. Related:Post-Quantum Web Could be Safer, Faster Such activity includes unusual use of VPNs, a significant number "git.clone" events in a short period, and suspicious enumeration activity. Wiz published indicators of compromise (IOCs) for the recent TeamPCP attacks and urged security teams to monitor for those signs while making sure audit logging is enabled across the network.  About the Author Rob Wright Senior News Director, Dark Reading Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends. Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.  Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report The ROI of AI in Security Cybersecurity Forecast 2026 ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like СLOUD SECURITY Agentic AI Use Cases for Security Soar, but Risks Demand Close Attention by Arielle Waldman AUG 14, 2025 СLOUD SECURITY Hundreds of MCP Servers Expose AI Models to Abuse, RCE by Nate Nelson, Contributing Writer JUN 25, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 СLOUD SECURITY CISA Weighs In on Alleged Oracle Cloud Breach by Kristina Beek, Associate Editor, Dark Reading APR 18, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE