www.darkreading.com 4/3/2026, 4:31:23 PM · via preferred

TeamPCP supply chain breach hits Mercor and EU Commission clouds

CyberSIXT Evidence Panel
Threat Actor
TeamPCP

THE piece traces how TeamPCP’s high-profile supply chain attacks are rippling across multiple fronts, with two victim organisations disclosing breaches this week.

On Tuesday, AI startup Mercor said on X that it was “one of thousands of companies impacted by a supply chain attack involving LiteLLM.” And on Thursday, CERT-EU disclosed that a recent attack on the European Commission’s cloud and Web infrastructure stemmed from the Trivy supply chain, according to CERT-EU, which noted credentials harvested from a compromised Trivy version were used to access the EC’s AWS cloud environment.

The developments were further complicated when CERT-EU confirmed that ShinyHunters published an exfiltrated data set and that Lapsus$, tied to ShinyHunters and Scattered Spider, claimed to possess 4 TB of Mercor’s internal data. Dark Reading also reports that TeamPCP has announced a formal alliance with Vect, and that threat groups are converging on the same access, potentially expanding the extortion and impact.

According to Wiz, speed is a real lesson, with breaches occurring largely within hours as stolen credentials are weaponised to reach AWS, Azure and SaaS environments.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline