Thousands hacked by TeamPCP: attackers now being hunted by the FBI

The hackers behind notorious supply chain worms, such as the Shai-Hulud variants, are now in the FBI’s crosshairs.

Image: attack using Shai-Hulud. Image by Cybernews.

Ernestas Naprys, Senior Journalist
Jul 3, 2026

Key takeaways:
  • CanisterWorm: harvests sensitive information, including cloud access tokens, credentials, API keys, and other secrets associated with AWS, GCP, Microsoft Azure, and other cloud services.
  • SANDCLOCK: a credential-stealing tool used to extract AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and cryptocurrency wallet data.
  • Mini Shai-Hulud: a self-replicating, cross-ecosystem (npm/PyPI) software supply chain worm.
  • Miasma: a Mini Shai-Hulud variant that self-propagates across open-source registries, including npm and PyPI, harvesting credentials and poisoning configuration files.