BREACHFORUMS and TeamPCP have promoted a “supply chain competition” that invites threat actors to conduct the “biggest supply chain attack” using open-sourced “Shai-Hulud” tooling, framing cybercrime as a collaborative challenge rather than isolated acts. The piece argues that gamification can normalise offensive activity by enabling public recruitment, shared tooling, and community-driven attack campaigns that reward participation with status, recognition, and money.
It notes that NoName057(16) previously used a voluntary botnet model with the DDoSia tool, where participants joined attacks through propaganda, points, rankings, team-style activity and occasional cryptocurrency rewards, according to SOCRadar’s analysis.
The article emphasises that supply chain attacks remain attractive because compromising a single trusted dependency can affect many downstream organisations, with warnings to watch for suspicious package updates, CI/CD changes, and other indicators across underground channels linked to TeamPCP or Shai-Hulud narratives.
It concludes that SOCRadar Supply Chain Intelligence can help organisations monitor third-party risk through a combined view of CTI, DRP, and ASM insights, including vendor exposure and leaked data, to stay ahead in a landscape where underground actors openly compete around supply chain compromise.