unit42.paloaltonetworks.com 3/31/2026, 9:37:06 PM

Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
First seen 2026-03-30T11:08:47.865Z · Last seen 2026-03-31T21:37:06.075Z

Threat Actor: TeamPCP

Between late February and March 2026, the threat group TeamPCP conducted a multi-stage supply chain campaign targeting trusted security tools, including Aqua Security Trivy, Checkmarx KICS and the LiteLLM gateway, with the operation expanding to the Telnyx Python SDK. According to Unit 42, the attackers injected malicious infostealer payloads into GitHub Actions and PyPI registries, enabling exfiltration of cloud tokens, SSH keys and Kubernetes secrets during routine workflows.

The group is believed to have exfiltrated data from over 500,000 infected machines and more than 300 GB of data, and to have infected 16 victim organisations as of late March 2026, with 47 additional packages affected across several namespaces. The latest wave also introduced CanisterWorm, a worm with a decentralized C2 architecture and a destructive wiper component observed targeting Iran, and the campaign escalated to combining forces with CipherForce and Vect to publish breach information.

The article notes indicators such as 16 organisations disclosed on BreachForums and 300 GB of data exfiltrated, with the operation broadening its reach through SDK-squatting and abuse of npm publishing tokens. According to Unit 42, Palo Alto Networks recommends hardening SBOM visibility and CI/CD policies and auditing vulnerable packages to mitigate lateral movement and data exfiltration.

Article by CyberSIXT