TeamPCP Supply Chain Campaign: Update 008
TeamPCP has ended its 26-day pause in supply chain attacks with three concurrent compromises in late April 2026, one in each of the Docker Hub, npm, and PyPI ecosystems: the Checkmarx KICS Docker Hub repository, a downstream cascade into Bitwarden's CLI package via infected CI/CD pipeline infrastructure, and the xinference PyPI package. In the same week, a self-propagating npm worm named CanisterSprawl was identified. Despite prior monetization failures, analysts assess that the group remains operationally capable and active.
- TeamPCP compromised the Checkmarx KICS Docker Hub repository on April 22, 2026, which led to a cascading compromise of the @bitwarden/cli package.
- The xinference PyPI package was poisoned on April 22 with a TeamPCP marker, though the group publicly denied responsibility.
- A self-propagating npm worm named CanisterSprawl was identified on April 21, spreading across multiple publisher namespaces and exfiltrating credentials to an Internet Computer Protocol canister.
- The CanisterSprawl worm can transition from npm to PyPI if a PyPI publish token is found on an infected system, indicating cross-ecosystem capabilities.
- Although ADT reported a cloud breach on April 20 attributed to a vishing attack, it is not confirmed as part of the TeamPCP campaign despite ShinyHunters' involvement in the leak threat.
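The cross-ecosystem pivot above depends on one thing: a publish credential for a second registry sitting on the infected build host. The defender-side check that follows from that is an inventory of which publish tokens are reachable from a given host before anything malicious runs there. The script below is an added example written for this page, not code from the ISC diary, from TeamPCP, or from any CanisterSprawl analysis, and it does not reproduce the worm's behaviour. It assumes the documented token shapes (PyPI API tokens begin with `pypi-`, npm access tokens begin with `npm_`) and the standard `.pypirc` and `.npmrc` layouts; the function names, `Finding` type, and all sample inputs are constructed for illustration.

```python
"""Inventory package-registry publish credentials reachable on a build host.

Added example for this page (not from the ISC diary or any vendor analysis).
Assumptions: PyPI API tokens start with "pypi-", npm access tokens start with
"npm_"; .pypirc is INI-style, .npmrc uses "//host/:_authToken=" lines.
"""
import configparser
import re
from dataclasses import dataclass

# Token shapes (assumption based on the published formats of both registries).
PYPI_TOKEN_RE = re.compile(r"\bpypi-[A-Za-z0-9_-]{20,}")
NPM_TOKEN_RE = re.compile(r"\bnpm_[A-Za-z0-9]{20,}")


@dataclass(frozen=True)
class Finding:
    ecosystem: str  # "pypi" or "npm"
    location: str   # env var name, or config path plus section/line
    preview: str    # redacted token, safe to paste into a report


def _redact(token: str) -> str:
    """Keep only the prefix and last four characters for reporting."""
    return f"{token[:8]}...{token[-4:]}"


def _match_tokens(text: str, location: str) -> list[Finding]:
    found = []
    for ecosystem, pattern in (("pypi", PYPI_TOKEN_RE), ("npm", NPM_TOKEN_RE)):
        for m in pattern.finditer(text):
            found.append(Finding(ecosystem, location, _redact(m.group(0))))
    return found


def scan_env(env: dict[str, str]) -> list[Finding]:
    """Match token shapes in every environment value, whatever the variable is called."""
    findings = []
    for name, value in env.items():
        findings.extend(_match_tokens(value, f"env:{name}"))
    return findings


def scan_pypirc(text: str, path: str = "~/.pypirc") -> list[Finding]:
    """Any repository section whose password is a PyPI API token is a publish credential."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        password = cp.get(section, "password", fallback="")
        findings.extend(_match_tokens(password, f"{path}[{section}]"))
    return findings


def scan_npmrc(text: str, path: str = "~/.npmrc") -> list[Finding]:
    """Lines of the form //host/:_authToken=... are what `npm publish` authenticates with."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if "_authToken=" in line:
            token = line.split("_authToken=", 1)[1].strip()
            findings.extend(_match_tokens(token, f"{path}:{lineno}"))
    return findings


def audit(env: dict[str, str], pypirc_text: str, npmrc_text: str) -> list[Finding]:
    """Full inventory: environment, then .pypirc, then .npmrc."""
    return scan_env(env) + scan_pypirc(pypirc_text) + scan_npmrc(npmrc_text)


# Constructed sample inputs (not real credentials): a CI runner that can publish
# to both registries, which is exactly the host a cross-ecosystem worm wants.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "TWINE_PASSWORD": "pypi-" + "A" * 60,
    "NODE_AUTH_TOKEN": "npm_" + "b" * 36,
    "CI": "true",
}
SAMPLE_PYPIRC = (
    "[distutils]\nindex-servers =\n    pypi\n\n"
    "[pypi]\nusername = __token__\npassword = pypi-" + "Q" * 60 + "\n"
)
SAMPLE_NPMRC = (
    "registry=https://registry.npmjs.org/\n"
    "//registry.npmjs.org/:_authToken=npm_" + "c" * 36 + "\n"
)


def demo() -> list[Finding]:
    return audit(SAMPLE_ENV, SAMPLE_PYPIRC, SAMPLE_NPMRC)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.ecosystem:5} {f.location:28} {f.preview}")
```

Run it on a real build host by replacing the constructed samples with `os.environ` and the contents of the user's `.pypirc` and `.npmrc`. Any npm host that also turns up a PyPI finding is one where the pivot described above needs no extra step, so that is where short-lived or publish-scoped tokens should replace long-lived ones first.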
Opening excerpt (first ~120 words)
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns
Published: 2026-04-27. Last Updated: 2026-04-27 14:01:17 UTC by Kenneth Hartman (Version: 1)
This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linked credentials, Google GTIG's formal designation…
Excerpt limited to ~120 words for fair-use compliance. The full article is at SANS Internet Storm Center.