What is TeamPCP and how do they attack?

TeamPCP uploads fake PyPI packages mimicking tools like Trivy or LiteLLM, stealing creds via malware in GitHub Actions and extensions.

Are TeamPCP attacks linked to ransomware?

Yes—partnering with Lapsus$ and Vect Ransomware, using stolen secrets for follow-on extortion and encrypts.

How can I protect against TeamPCP supply chain hacks?

Verify packages with sigstore, audit dependencies, rotate creds often, use private repos for sensitives.

🕳️ Vulnerabilities & CVEs

TeamPCP's Stolen Secrets Pipeline: Fueling Ransomware Rampage

Your next PyPI download could hand hackers your cloud keys. TeamPCP's blending supply chain hacks with extortion gangs, turning dev tools into ransomware launchpads.

Threat Digest Apr 02, 2026 4 min read 12 views

TeamPCP hackers exploiting PyPI packages for ransomware with Lapsus$ and Vect logos

⚡ Key Takeaways

TeamPCP steals cloud creds via PyPI typosquatting and GitHub injections, now selling to Lapsus$ and Vect Ransomware. 𝕏
Attacks create a 'snowball effect' hitting tools in one-third of cloud environments. 𝕏
Expect more RaaS-supply chain partnerships; audit your dev pipelines now. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Lapsus$ #LiteLLM ransomware #TeamPCP #ransomware #supply chain attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by InfoSecurity Magazine

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Hacker Gangs Clash Over TeamPCP's Supply Chain Rampage

0ktapus Phishing Snags 10,000 Credentials Across 130 Companies—Your MFA Is the Weak Link

CanisterWorm: Cybercrooks Hijack Iran Tensions for Cloud Data Heists

TeamPCP's Credential Blitz: AWS and Azure Fall in Hours, Not Days

Stay in the loop