The piece traces how TeamPCP’s high-profile supply chain attacks are rippling across multiple fronts, with two victim organisations disclosing breaches this week.
On Tuesday, AI startup Mercor said on X that it was “one of thousands of companies impacted by a supply chain attack involving LiteLLM.” And on Thursday, CERT-EU disclosed that a recent attack on the European Commission’s cloud and Web infrastructure stemmed from the Trivy supply chain compromise, noting that credentials harvested from a compromised Trivy version were used to access the EC’s AWS cloud environment.
The developments were further complicated when CERT-EU confirmed that ShinyHunters published an exfiltrated data set and that Lapsus$, tied to ShinyHunters and Scattered Spider, claimed to possess 4 TB of Mercor’s internal data. Dark Reading also reports that TeamPCP has announced a formal alliance with Vect, and that threat groups are converging on the same access, potentially expanding the extortion and impact.
According to Wiz, speed is a real lesson, with breaches occurring largely within hours as stolen credentials are weaponised to reach AWS, Azure and SaaS environments.