Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.
Rob Wright, Senior News Director, Dark Reading
April 3, 2026
5 Min Read
The impact of TeamPCP's high-profile supply chain attacks is rapidly expanding — in more ways than one.
Following last month's spree of compromised open source projects, two victim organizations disclosed breaches related to the attacks this week. On Tuesday, AI startup Mercor said on social media platform X that it was "one of thousands of companies impacted by a supply chain attack involving LiteLLM."
And on Thursday, the EU's Computer Emergency Response Team (CERT-EU) disclosed that a recent attack on the European Commission's cloud and Web infrastructure stemmed from the previously reported Trivy supply chain attack, also attributed to TeamPCP. According to CERT-EU, the EC inadvertently installed a compromised version of the Trivy code-scanning security tool, which allowed threat actors to harvest credentials and secrets that they later used to access the organization's Amazon Web Services (AWS) cloud environment.
However, the plot thickens in terms of attribution: CERT-EU also confirmed the cybercriminal group ShinyHunters had published an exfiltrated data set on its leak site. Several days earlier, the group claimed it had obtained more than 91 GB of sensitive data such as emails, databases, and confidential documents from the EC.
Similarly, Lapsus$ — a cybercriminal group associated with ShinyHunters and the infamous Scattered Spider collective — had claimed to possess 4 TB of Mercor's internal data, including nearly a terabyte of the AI firm's source code. Dark Reading contacted Mercor for confirmation of this claim, but the company did not respond at press time.
In any event, the entry of third-party cybercrime groups into the equation has complicated matters for enterprises, as it's not clear how all of these groups came into possession of the overlapping stolen data. The situation has also raised the risk profile of the supply chain attacks, and experts say organizations need to address the expanding threats as soon as possible.
TeamPCP's Expanding Cybercrime Influence
The disclosures from Mercor and the EC follow warnings from cybersecurity vendors that TeamPCP is weaponizing stolen credentials and secrets obtained in the supply chain attacks to access organizations' cloud infrastructure. In a blog post earlier this week, Wiz noted that its customer incident response team (CIRT) has observed and responded to "multiple attacks" in which TeamPCP actors used stolen credentials and secrets to access victims' AWS, Azure, and software-as-a-service (SaaS) instances.
Specifically, Wiz researchers detailed how in several breaches of AWS environments, threat actors used the Trufflehog open source tool to find and validate stolen credentials. Then, TeamPCP performed reconnaissance of the environments before finally accessing various resources, such as S3 buckets and Amazon Elastic Container Service (ECS) instances, to exfiltrate sensitive data.
Threat actors followed a nearly identical playbook in the European Commission breach, according to CERT-EU. After the organization downloaded a compromised version of Trivy, attackers stole an AWS API key that gave them control over AWS accounts. From there, they used Trufflehog to discover more AWS credentials, carried out reconnaissance activities, and then exfiltrated data from the environment.
The speed of the attack was perhaps even more concerning. According to CERT-EU's timeline, threat actors obtained the EC's API key on March 19 — the same day that TeamPCP began pushing compromised versions of Trivy. This was a day before the Trivy supply chain attack first came to light, and several days before Aqua Security, the maintainer of the open source scanner, officially disclosed the compromise.
Ensar Seker, CISO at SOCRadar, says "speed is the real lesson" from the TeamPCP supply chain attacks. "In practice, the response window is now measured in hours, not days," he says. "The biggest mistake would be to remove the malicious package but leave the stolen credentials usable, because by then the attackers may already be operating inside adjacent environments."
Instead, Seker says, organizations should immediately revoke and rotate exposed secrets, invalidate all tokens, and reissue cloud credentials. Additionally, security teams should review CI/CD runners, inspect GitHub Actions and package publishing workflows, and hunt for suspicious activity in their cloud and SaaS environments.
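The Wiz and CERT-EU accounts above describe the same sequence: a leaked key is validated, the account is enumerated (S3, ECS, IAM), and data is pulled, all from infrastructure the key has never been used from. The hunt Seker recommends can be expressed as a check for exactly that sequence in CloudTrail. The script below is an added example for this article, not code from Wiz, CERT-EU, or either vendor's blog posts. It runs over a handful of constructed CloudTrail-shaped records (the field names `eventTime`, `eventName`, `sourceIPAddress` and `userIdentity.accessKeyId` are real CloudTrail fields; the key IDs and IP addresses are placeholders). It assumes, as the article does not state, that a secret scanner validates an AWS key with `sts:GetCallerIdentity`; it also assumes a per-key baseline of known egress IPs is available from earlier logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# sts:GetCallerIdentity is assumed here to be the call a secret scanner makes
# to check whether a harvested AWS key is live (an assumption, not something
# the article states).
VALIDATION_EVENT = "GetCallerIdentity"
# Enumeration calls consistent with the S3/ECS reconnaissance described.
RECON_EVENTS = {"ListBuckets", "ListClusters", "ListTasks", "DescribeTasks",
                "ListUsers", "ListAccessKeys", "ListSecrets"}
# Calls that actually move data out of the account.
ACCESS_EVENTS = {"GetObject", "GetSecretValue"}


def _ts(s):
    """Parse a CloudTrail eventTime string."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _event(t, key, ip, name, source):
    """Build a CloudTrail-shaped record (constructed test data)."""
    return {"eventTime": t, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}


def detect_stolen_key_use(events, baseline_ips, window=timedelta(hours=1)):
    """Return {accessKeyId: finding} for every key that, from an IP outside
    its baseline, was validated and then used for both reconnaissance and
    data access within `window` of the validation call."""
    by_key = defaultdict(list)
    for e in events:
        by_key[e["userIdentity"]["accessKeyId"]].append(e)

    findings = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: _ts(e["eventTime"]))
        # Only activity from addresses the key has never used before counts.
        unfamiliar = [e for e in evs
                      if e["sourceIPAddress"] not in baseline_ips.get(key, set())]
        for v in (e for e in unfamiliar if e["eventName"] == VALIDATION_EVENT):
            t0 = _ts(v["eventTime"])
            later = [e for e in unfamiliar
                     if t0 <= _ts(e["eventTime"]) <= t0 + window]
            recon = sorted({e["eventName"] for e in later if e["eventName"] in RECON_EVENTS})
            access = sorted({e["eventName"] for e in later if e["eventName"] in ACCESS_EVENTS})
            if recon and access:
                findings[key] = {
                    "source_ip": v["sourceIPAddress"],
                    "validated_at": v["eventTime"],
                    "recon": recon,
                    "data_access": access,
                    # Removing the poisoned package alone leaves this key live.
                    "action": "deactivate and rotate key; review the CI/CD runner that held it",
                }
                break
    return findings


# Constructed sample: one CI key behaving normally from its usual egress IP,
# one leaked key driven from an unfamiliar address. Key IDs are placeholders
# and the IPs come from documentation ranges (RFC 5737).
CI_KEY, LEAKED_KEY = "AKIAEXAMPLECIKEY0001", "AKIAEXAMPLELEAKED002"
BASELINE_IPS = {CI_KEY: {"198.51.100.10"}, LEAKED_KEY: {"198.51.100.10"}}

SAMPLE_EVENTS = [
    _event("2026-03-19T14:02:11Z", CI_KEY, "198.51.100.10", "PutObject", "s3.amazonaws.com"),
    _event("2026-03-19T14:05:40Z", CI_KEY, "198.51.100.10", "ListBuckets", "s3.amazonaws.com"),
    _event("2026-03-19T15:31:02Z", LEAKED_KEY, "203.0.113.7", "GetCallerIdentity", "sts.amazonaws.com"),
    _event("2026-03-19T15:33:18Z", LEAKED_KEY, "203.0.113.7", "ListBuckets", "s3.amazonaws.com"),
    _event("2026-03-19T15:34:05Z", LEAKED_KEY, "203.0.113.7", "ListClusters", "ecs.amazonaws.com"),
    _event("2026-03-19T15:41:50Z", LEAKED_KEY, "203.0.113.7", "GetObject", "s3.amazonaws.com"),
]

if __name__ == "__main__":
    for key, finding in detect_stolen_key_use(SAMPLE_EVENTS, BASELINE_IPS).items():
        print(key, finding)
```

The output of the hunt is the list of keys to deactivate, which is the point Seker makes: the key, not the package, is what the attacker is still holding. The baseline requirement is deliberate; the same validate-enumerate-fetch sequence from a CI runner's own address is ordinary pipeline behaviour and would otherwise drown the signal.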
Multiple Threat Groups Converging on TeamPCP Attacks
As if the speed of the attacks weren't enough, the situation has grown murkier with the apparent involvement of Lapsus$ and ShinyHunters, whose role remains unclear. According to an X post associated with the threat group, TeamPCP appears not to be collaborating with ShinyHunters and is actively feuding with it.
"What we are seeing looks less like a clean handoff between separate groups, and more like a convergence of cybercriminal ecosystems around the same access," Seker says.
While TeamPCP drove the initial supply chain compromises and credential theft, ShinyHunters and Lapsus$ are now showing up in the monetization and extortion layer, he says, though it's not clear how they obtained the stolen data. "At this stage, that does not prove formal operational alignment, but it does strongly suggest that once high-value access or stolen data emerges from a supply chain intrusion, other extortion actors can move in very quickly to amplify pressure, visibility, and potential profit," Seker says.
Muddying the waters further, TeamPCP has also announced a formal alliance with Vect, an emerging ransomware gang. That changes the risk calculus considerably, according to Tomer Peled, security researcher at Akamai.
"The fact that both teams are now working together raises the risk potential significantly," Peled tells Dark Reading. "Vect will now have access to potentially millions of victims who can be infected with their ransomware through TeamPCP's RAT."
As Akamai documented in a recent blog post, the compromised Telnyx PyPI package featured a three-stage remote access Trojan (RAT) that gives TeamPCP and Vect actors backdoor access to other organizations that downloaded the poisoned SDK. Additionally, given the volume of credentials already in TeamPCP's possession, Peled warns that more compromised libraries are likely to be discovered. "TeamPCP will use their stolen credentials to keep installing their RAT on as many victims as possible," he says.
Seker says the involvement of third-party threat groups should "absolutely" change how organizations view the risk of the TeamPCP supply chain attacks.
"The old assumption was that a software supply chain attack was mainly a downstream integrity problem," he says. "What these cases show is that it can become an immediate enterprise breach problem, where compromised packages lead to stolen secrets, cloud access, SaaS exposure, repository cloning, and then possible extortion by additional actors."
About the Author
Rob Wright
Senior News Director, Dark Reading
Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends. Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.