The TeamPCP threat group has pivoted from its aggressive campaign of supply chain attacks via malicious packages on PyPI to a partnership with an emerging ransomware-as-a-service operation. While their recent spree of publishing tainted SDKs has temporarily slowed, the collaboration signifies an escalation in threat severity and potential impact. Security teams should monitor for indicators of compromise from the listed packages and prepare for potential ransomware activity associated with this group.
TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises.

Partnership with emerging RaaS operation

“The prior operational cadence was aggressive – a new target every 1-3 days (Trivy [on] March 19, CanisterWorm [on] March 20-22, Checkmarx [on] March 23, LiteLLM [on] March 24, Telnyx [on] March 27),” …

The post TeamPCP’s attack spree slows, but threat escalates with ransomware pivot appeared first on Help Net Security.