Cyberwire Daily
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

By Team-CWD, March 31, 2026

Researchers have observed a “dangerous convergence” between supply chain attackers and extortion gangs like Lapsus$ as TeamPCP looks to exploit stolen credentials.

In a new report published on March 30, security researchers at Wiz, now part of Google Cloud, said they found evidence that TeamPCP was exploring ways to monetize the secrets harvested during these campaigns, such as cloud credentials, SSH keys, Kubernetes configuration files and other coding process secrets.

The threat group had been observed validating, encrypting and exfiltrating these secrets to attacker-controlled domains.

“While the speed at which they were used suggests that it was the work of the same threat actors responsible for the supply chain operations, we are not able to rule out the secrets being shared with other groups and used by them,” the Wiz researchers wrote.

TeamPCP: Alleged Ties to Ransomware Groups

In a message shared with Infosecurity, Wiz confirmed that TeamPCP was “explicitly collaborating with the notorious extortion group Lapsus$ to perpetuate the chaos.”

Lapsus$ is an extortion-focused hacking group known for high-profile breaches via social engineering and credential theft, with suspected tactical overlaps – but no confirmed organizational ties – to Scattered Spider and ShinyHunters.

Ben Read, a lead researcher at Wiz, told Infosecurity: “We are seeing a dangerous convergence between supply chain attackers and high-profile extortion groups like Lapsus$. By moving horizontally across the ecosystem – hitting tools like liteLLM that are present in over a third of cloud environments – they are creating a ‘snowball effect.’ This isn’t an isolated incident; it’s a systemic campaign that requires security teams to take action and will likely continue to expand.”

Meanwhile, Socket, one of the earliest firms to report the TeamPCP software supply chain attacks, shared, as part of its research into the group, posts on BreachForums attributed to the Vect ransomware group announcing a partnership with TeamPCP.

“Vect Ransomware Group is now partnering with TeamPCP, the operators behind the latest Trivy / LiteLLM supply chain compromises. Together, we are ready to deploy ransomware across all affected companies that got hit by these attacks, and we won’t stop there. We will pull off even bigger supply chain operations. We will chain these compromises into devastating follow-on ransomware campaigns,” the message read.

Vect is an emerging Russian-speaking ransomware-as-a-service (RaaS) group. It operates a structured affiliate model in which core developers build the ransomware and affiliates carry out attacks, earning up to 80–88% of the profits.

TeamPCP Behind Wave of Malicious PyPI Packages

The cyber threat group known as TeamPCP recently rose to notoriety by uploading malicious packages to the Python Package Index (PyPI), the official online repository where developers share and download Python software packages. The group typically uses typosquatting to trick developers into downloading the malicious packages.

In one campaign, the group targeted Trivy, a widely used open-source vulnerability scanner owned by Aqua Security, by injecting credential-stealing malware into official releases and GitHub Actions.

TeamPCP subsequently injected the same malware into Checkmarx’s KICS scanner through GitHub Actions and OpenVSX extensions.

Later, researchers discovered that TeamPCP had targeted LiteLLM AI Gateway, a popular Python library for AI model integration.

A fourth TeamPCP campaign affected the Telnyx Python package on PyPI and led, once again, to the delivery of credential-stealing malware.


