Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure

Summary: TeamPCP executed a series of well-orchestrated multi-stage supply chain attacks targeting security and development infrastructure. They compromised popular and widely used security tools such as Trivy (vulnerability scanner), KICS (infrastructure-as-code scanner), LiteLLM (AI model gateway), and the official Telnyx SDK. These strategic attacks implanted sophisticated infostealer malware in GitHub Actions repositories and PyPI registries, exfiltrating highly sensitive data like cloud access tokens, Kubernetes secrets, and critical provider credentials. The malware known as CanisterWorm was designed for long-term persistence and lateral movement. The sophistication of the attack indicates a targeted threat against the complete supply chain of development and security tools.

Between February and March 2026, the threat group TeamPCP executed a series of well-orchestrated multi-stage attacks targeting security and development infrastructure. They compromised popular and widely used security tools such as Trivy (vulnerability scanner), KICS (infrastructure-as-code scanner), LiteLLM (AI model gateway), and the official Telnyx SDK. These strategic attacks implanted sophisticated infostealer malware in GitHub Actions repositories and PyPI registries, exfiltrating highly sensitive data like cloud access tokens, SSH keys, Kubernetes secrets, and critical provider credentials. The malware known as CanisterWorm was designed for long-term persistence and lateral movement. The sophistication of the attack indicates a targeted threat against the complete supply chain of development and security tools.

Key facts

  • TeamPCP compromised popular security and software development tools.
  • They introduced infostealer malware into GitHub Actions and PyPI.
  • They exfiltrated highly sensitive data like cloud access tokens and Kubernetes secrets.

Why it matters

These attacks endanger the security infrastructure and software that organizations across various sectors rely on, exposing sensitive credentials and allowing unauthorized access.