Thousands hacked by TeamPCP: attackers now being hunted by the FBI
The hackers behind notorious supply chain worms, such as the Shai Hulud variants, are now in the FBI’s crosshairs.

- The FBI has issued a flash alert regarding TeamPCP's large-scale supply chain cyberattacks.
- TeamPCP malware compromised over 1,000 cloud environments and exfiltrated sensitive organizational credentials, according to Sophos.
- The FBI urges organizations to secure CI/CD pipelines and implement least-privilege access to prevent further breaches.
The Federal Bureau of Investigation (FBI) has issued a “Flash” alert warning about TeamPCP, a threat actor believed to be responsible for a wave of devastating supply chain attacks this year that affected over 1,000 cloud environments.
TeamPCP has been making headlines since December 2025, when it launched a mass exploitation campaign targeting the React2Shell vulnerability. Since then, the group has pivoted to major supply chain attacks affecting nearly all major code repositories.
The FBI’s alert lists the threat actor’s tactics, provides recommendations for protecting organizations, and urges them to share any information on suspected TeamPCP intrusions.
“TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive data, including but not limited to cloud access tokens, SSH keys, and Kubernetes secrets,” the document reads.
The FBI attributes four malware variants to the threat actor, whose modus operandi is to sneak malicious code into trusted software distribution channels, such as legitimate, highly depended-on packages:
- CanisterWorm: harvests sensitive information, including cloud access tokens, credentials, API keys, and other secrets associated with AWS, GCP, Microsoft Azure, and other cloud services.
- SANDCLOCK: a credential-stealing tool used to extract AWS credentials, Kubernetes ServiceAccount tokens, local environment variables, and cryptocurrency wallet data.
- Mini Shai-Hulud: a self-replicating, cross-ecosystem (npm/PyPI) software supply chain worm.
- Miasma: Mini Shai-Hulud variant that self-propagates across open-source registries, including npm and PyPI, harvesting credentials and poisoning configuration files.
The credential-stealing malware was pushed in trojanized package updates, which the maintainers later pulled.
“TeamPCP modified tools, including, but not limited to, Trivy, KICS, LiteLLM, and the Telnyx Python SDK,” the FBI said.
The advisory lists multiple IP addresses and domains previously used by TeamPCP. However, these indicators have likely already been rotated.
The FBI is urging organizations to implement a detailed set of actions to prevent further unauthorized access.
“Pin all GitHub Actions workflows to verified commit SHA hashes rather than floating version tags or branch references,” the first recommendation reads.
The advisory also recommends enforcing least-privilege permissions on all CI/CD service accounts and registry publishing tokens, requiring multi-factor authentication, checking repositories and accounts for potential signs of compromise, and more.
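The two recommendations above translate directly into a check that can run in a pre-commit hook or pipeline gate. The following is an added example, not code from the FBI advisory or from Cybernews: it scans a GitHub Actions workflow for `uses:` references that are not pinned to a full 40-character commit SHA (floating tags such as `@v4` or branches such as `@main` are flagged) and checks that the workflow declares a top-level `permissions:` block that is not `write-all`. The sample workflow and the 40-hex-digit SHA in it are constructed placeholders.

```python
import re

# Constructed sample workflow (placeholder content, not from the advisory):
# one tag-pinned action, one branch-pinned action, one SHA-pinned action
# (placeholder SHA), one local action, and an over-broad permissions block.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@main
      - uses: actions/cache@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-step
      - run: npm ci
"""

# Matches the reference after `uses:` on a step line; stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
# Matches only a top-level (column 0) permissions key.
PERMS_RE = re.compile(r"^permissions:\s*(.*)$", re.MULTILINE)
# A full commit SHA is exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> list:
    """Return the `uses:` references that are not pinned to a full commit SHA.

    Local actions (./path) and docker:// images are skipped because a commit
    SHA does not apply to them.
    """
    findings = []
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append(ref)  # no version at all
            continue
        _, version = ref.rsplit("@", 1)
        if not SHA_RE.match(version):
            findings.append(ref)  # tag or branch, both can be moved by an attacker
    return findings


def has_least_privilege_permissions(workflow_text: str) -> bool:
    """True only if a top-level permissions block exists and is not write-all.

    A missing block means the repository's default token permissions apply,
    which is treated as a failure for publishing pipelines.
    """
    match = PERMS_RE.search(workflow_text)
    if not match:
        return False
    return match.group(1).strip() != "write-all"


if __name__ == "__main__":
    for ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned action: {ref}")
    if not has_least_privilege_permissions(SAMPLE_WORKFLOW):
        print("permissions: missing or write-all; restrict to what each job needs")
```

Run against the sample, the checker reports `actions/checkout@v4` and `actions/setup-node@main` as unpinned and flags the `write-all` permissions block; the SHA-pinned and local steps pass. A real deployment would walk every file under `.github/workflows/` and fail the pipeline on any finding.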
Sophos, a cybersecurity company, released a separate report on TeamPCP, warning that it has partnered with the Vect ransomware gang.
“TeamPCP compromised 4 widely deployed security and AI tooling packages, propagated a worm across more than 48 npm packages, and impacted over 1,000 enterprise software-as-a-service (SaaS) environments,” the Sophos researchers said, describing one of TeamPCP’s campaigns.
“Approximately 300GB of compressed data was exfiltrated, including an estimated 500,000 individual credential sets.”
TeamPCP reportedly relies heavily on AI tools. Although this often leaves serious bugs in its malware, the malware is still capable of causing serious damage, and the use of AI makes attacks faster and more scalable.
“Credentials harvested through supply chain compromises enable large‑scale ransomware deployment,” Sophos warns.
The researchers urge organizations to verify third-party software dependencies before deploying them across their environments.
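One concrete form of that verification is hash pinning: the lockfile records the expected digest of each dependency, and the install step refuses anything whose bytes do not match. The following is an added example, not code from Sophos or from the article: it parses requirements-style lines carrying `--hash=sha256:` pins, then checks a downloaded artifact against them with a constant-time comparison. The package name, release bytes, and tampered bytes are all constructed for the example.

```python
import hashlib
import hmac


def sha256_pin(data: bytes) -> str:
    """Format a digest the way a hash-pinned requirements line carries it."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


# Constructed "known-good" release bytes; in practice the pin is computed once
# from a reviewed release and committed with the lockfile.
GOOD_RELEASE = b"example-tool 1.2.3 release archive (constructed bytes)"
TAMPERED_RELEASE = GOOD_RELEASE + b"\n# trojanized update (constructed)"

# Constructed requirements text; the pin is derived from GOOD_RELEASE above.
REQUIREMENTS = f"""\
# hash-pinned dependencies (constructed example)
example-tool==1.2.3 --hash={sha256_pin(GOOD_RELEASE)}
"""


def parse_requirements(text: str) -> dict:
    """Map each 'name==version' spec to the list of allowed hash pins."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        spec = parts[0]
        hashes = [p[len("--hash="):] for p in parts[1:] if p.startswith("--hash=")]
        pins[spec] = hashes
    return pins


def verify_artifact(spec: str, data: bytes, pins: dict) -> bool:
    """Accept the artifact only if its digest matches a pin for that exact spec.

    An unknown spec or a spec with no hashes is rejected rather than allowed,
    so a dependency that was never pinned cannot slip through.
    """
    allowed = pins.get(spec)
    if not allowed:
        return False
    actual = sha256_pin(data)
    return any(hmac.compare_digest(actual, expected) for expected in allowed)


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS)
    print("good release accepted:", verify_artifact("example-tool==1.2.3", GOOD_RELEASE, pins))
    print("tampered release accepted:", verify_artifact("example-tool==1.2.3", TAMPERED_RELEASE, pins))
```

The tampered bytes fail the check even though the version string is unchanged, which is exactly the case a trojanized package update presents. Rejecting unpinned specs by default is the important design choice: a verifier that skips packages without a pin gives an attacker a trivial bypass.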