securityaffairs.com 7/4/2026, 8:42:14 AM · external

FBI warns TeamPCP hijacks dev tools to steal cloud credentials

TeamPCP supply chain attack compromises developer tools to steal cloud credentials
Primary Source ic3.gov

The FBI issued a FLASH alert on July 2, 2026, regarding the criminal group TeamPCP, which has compromised popular developer tools to steal cloud credentials. The group employs a supply chain attack method, injecting malware into legitimate software packages such as Trivy and KICS. This allows them to harvest sensitive data, including API keys and SSH tokens, from vulnerable environments.

TeamPCP is known for deploying various malware families that facilitate credential theft and self-propagation across software repositories. The FBI warns that any stolen credentials should be treated as permanently compromised, suggesting organizations enforce stringent security measures. The FBI recommends rotating credentials, implementing multi-factor authentication, and securing CI/CD pipelines against unauthorized access.


Article by CyberSIXT
