TeamPCP expands unauthorized access to cloud and SaaS environments using compromised credentials

Recent supply chain incidents involving popular open source tools have led to unauthorized access across cloud and SaaS platforms. Security teams must rapidly rotate exposed credentials and monitor for anomalous enumeration activity to protect their environments.

Triage Security Media Team

TeamPCP is leveraging compromised credentials, including those obtained in recent supply chain incidents, to access cloud and software-as-a-service (SaaS) environments.

This month, unauthorized modifications affected several open source software projects, beginning with the Aqua Security-maintained Trivy scanner and Checkmarx's KICS static code analysis tool. The threat actors subsequently compromised LiteLLM, an open source Python library, and the PyPI package of Telnyx, which developers use for voice AI agents.

Across all four campaigns, the objective remained consistent: utilize modified open source software to deploy credential-harvesting utilities within organizations. These tools are designed to collect user credentials, API keys, SSH keys, and other sensitive secrets.

TeamPCP has since escalated its operations, using these compromised credentials to gain unauthorized access to AWS and Azure environments, as well as various SaaS instances. This progression shows why rapid response protocols are necessary following supply chain exposures. Organizations that delay rotating and revoking exposed credentials face an elevated risk of unauthorized access.

TeamPCP expands cloud access operations

In a recent security bulletin, Wiz Research detailed how its customer incident response team (CIRT) investigated and addressed multiple incidents linked to TeamPCP following the initial supply chain compromises.

The Wiz CIRT first detected the unauthorized use of credentials on March 19, observing threat actors utilizing the Trufflehog open source tool to validate the exposed secrets. The team noted validation activity targeting AWS access keys, Azure application secrets, and various SaaS tokens.

Within the affected AWS environments, the Wiz CIRT observed that the threat actors rapidly utilized the compromised secrets. Researchers noted that discovery operations began as quickly as 24 hours after the initial credential exposure.

TeamPCP conducted extensive enumeration in affected AWS environments, gathering data on identity and access management roles and S3 buckets, while specifically mapping Amazon Elastic Container Service (ECS) instances.

Following enumeration, the unauthorized parties extracted data from S3 buckets and AWS Secrets Manager. They also utilized the ECS Exec feature to execute Bash commands and Python scripts on running containers. According to Wiz researchers, this access allowed the threat actors to further map the environment and access additional sensitive data.

Wiz Research indicated to Dark Reading that while they do not provide specific figures on the number of impacted environments, the activity spans multiple cloud platforms. "What we can share is that our research shows this activity isn't limited to a single cloud," Wiz Research noted. "We've observed compromises across Azure, GitHub, and other SaaS providers, reflecting how threat actors reuse validated credentials across environments."

The importance of rapid response

Beyond AWS environments, the Wiz CIRT documented unauthorized activity in GitHub, where TeamPCP utilized the platform's workflows to execute code in targeted repositories. The researchers noted that the threat actors also used compromised GitHub Personal Access Tokens to clone repositories at scale.

These escalating operations indicate that TeamPCP prioritizes speed over stealth. The campaigns demonstrate the necessity for swift incident response when credentials are exposed. Wiz Research stated that organizations taking immediate action to revoke or rotate access successfully limited their overall exposure.

We recommend that any organization potentially impacted by the supply chain compromises affecting Trivy, KICS, LiteLLM, or Telnyx immediately rotate all related secrets and credentials. Because threat actors may have established access to cloud instances prior to credential rotation, security teams should methodically hunt for anomalous activity within their environments.

Key indicators of suspicious activity include the unusual use of VPNs, a high volume of "git.clone" events within a short timeframe, and unexpected enumeration processes. Wiz has published specific indicators of compromise (IOCs) for the TeamPCP campaigns, and we advise security teams to monitor for these patterns while ensuring comprehensive audit logging is enabled across their infrastructure.
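The two hunting signals above, a burst of `git.clone` events from one actor and a burst of discovery API calls from one access key (the IAM, S3 and ECS enumeration described earlier in the article), can both be caught with the same sliding-window count over audit logs. The following is an added example, not code from the article or from Wiz; the GitHub audit-log records and CloudTrail records are constructed sample data with made-up timestamps, actors and access key IDs, and the thresholds (five events in five or ten minutes) are illustrative starting points rather than published values. It also checks whether an access key that showed an enumeration burst went on to call ECS `ExecuteCommand`, the API behind ECS Exec.

```python
"""Hunt for credential-misuse bursts in GitHub and CloudTrail audit records."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real IOCs). GitHub records follow the audit
# log's action/actor/@timestamp shape; CloudTrail records follow the
# eventName/userIdentity/eventTime shape. All values are made up.
GITHUB_AUDIT_SAMPLE = [
    {"action": "git.clone", "actor": "alice", "repo": "acme/docs", "@timestamp": "2026-03-19T09:15:00Z"},
    {"action": "git.push", "actor": "alice", "repo": "acme/docs", "@timestamp": "2026-03-19T09:16:00Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/app-1", "@timestamp": "2026-03-19T10:00:00Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/app-2", "@timestamp": "2026-03-19T10:00:20Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/app-3", "@timestamp": "2026-03-19T10:00:45Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/infra", "@timestamp": "2026-03-19T10:01:10Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/secrets-ops", "@timestamp": "2026-03-19T10:01:30Z"},
    {"action": "git.clone", "actor": "svc-deploy", "repo": "acme/billing", "@timestamp": "2026-03-19T10:02:05Z"},
]

CLOUDTRAIL_SAMPLE = [
    {"eventName": "GetCallerIdentity", "eventSource": "sts.amazonaws.com", "eventTime": "2026-03-19T11:00:00Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "eventTime": "2026-03-19T11:00:05Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListRoles", "eventSource": "iam.amazonaws.com", "eventTime": "2026-03-19T11:00:12Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListClusters", "eventSource": "ecs.amazonaws.com", "eventTime": "2026-03-19T11:00:30Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListTasks", "eventSource": "ecs.amazonaws.com", "eventTime": "2026-03-19T11:00:41Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListSecrets", "eventSource": "secretsmanager.amazonaws.com", "eventTime": "2026-03-19T11:01:02Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ExecuteCommand", "eventSource": "ecs.amazonaws.com", "eventTime": "2026-03-19T11:02:00Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY01"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "eventTime": "2026-03-19T11:05:00Z", "userIdentity": {"accessKeyId": "AKIACONSTRUCTEDKEY02"}},
]

# Read-only discovery calls that are individually benign but suspicious in a burst.
ENUMERATION_ACTIONS = {
    "GetCallerIdentity", "ListBuckets", "ListRoles", "ListUsers", "ListPolicies",
    "ListClusters", "ListTasks", "DescribeTasks", "ListSecrets",
}


def parse_ts(value):
    """CloudTrail and the GitHub audit log both emit UTC ISO-8601 with a Z suffix."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_bursts(events, threshold, window):
    """Sliding-window count per actor.

    events: iterable of (actor, datetime). Returns {actor: peak_count} for every
    actor that produced at least `threshold` events inside some span of `window`.
    """
    by_actor = defaultdict(list)
    for actor, ts in events:
        by_actor[actor].append(ts)
    alerts = {}
    for actor, stamps in by_actor.items():
        stamps.sort()
        recent = deque()
        peak = 0
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:  # drop events that fell out of the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            alerts[actor] = peak
    return alerts


def github_clone_events(records):
    return [(r["actor"], parse_ts(r["@timestamp"])) for r in records if r["action"] == "git.clone"]


def cloudtrail_enumeration_events(records):
    return [(r["userIdentity"]["accessKeyId"], parse_ts(r["eventTime"]))
            for r in records if r["eventName"] in ENUMERATION_ACTIONS]


def hunt(github_records=GITHUB_AUDIT_SAMPLE, cloudtrail_records=CLOUDTRAIL_SAMPLE):
    """Run all three hunts and return their findings keyed by hunt name."""
    clone_bursts = find_bursts(github_clone_events(github_records), threshold=5, window=timedelta(minutes=5))
    enum_bursts = find_bursts(cloudtrail_enumeration_events(cloudtrail_records), threshold=5, window=timedelta(minutes=10))
    # Keys that enumerated and then used ECS Exec match the sequence described above.
    exec_keys = {r["userIdentity"]["accessKeyId"] for r in cloudtrail_records if r["eventName"] == "ExecuteCommand"}
    return {
        "github_clone_bursts": clone_bursts,
        "aws_enumeration_bursts": enum_bursts,
        "ecs_exec_after_enumeration": sorted(exec_keys & set(enum_bursts)),
    }


if __name__ == "__main__":
    for name, finding in hunt().items():
        print(f"{name}: {finding}")
```

On the constructed data the hunt flags `svc-deploy` for six clones in about two minutes, the first access key for six discovery calls followed by `ExecuteCommand`, and leaves `alice` and the second key alone. In production the same functions would be fed from the GitHub audit log export and CloudTrail (or Athena over the CloudTrail bucket), with thresholds tuned against a baseline of your own CI and deployment accounts so that legitimate automation does not page on every run.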