Hackers oust TeamPCP from breached systems, remove malware tools quickly
A second crew is breaking into TeamPCP victims, ejecting the original hackers and stripping their tools from already compromised systems.

A separate group of hackers has been moving through systems already breached by TeamPCP, kicking out the original intruders and quickly removing their malware tools. The pattern turns each victim network into contested territory, where one compromise can be followed by another wave of intrusion, cleanup, and uncertainty.
TeamPCP, also tracked as PCPcat, ShellForce, DeadCatx3, Persy_PCP, and CipherForce, has been active since at least September 2025 and drew wider attention in December 2025 after a cloud-native worm campaign abused exposed Docker APIs, Kubernetes clusters, Ray dashboards, Redis servers, and the React2Shell vulnerability. By March 2026, the group had broadened into supply-chain compromise, striking Aqua Security’s Trivy on March 19, Checkmarx KICS on March 23, LiteLLM on March 24, and Telnyx on March 27.

The malicious code was built to steal cloud tokens, SSH keys, Kubernetes secrets, and CI/CD credentials from GitHub Actions workflows and PyPI packages. Palo Alto Networks Unit 42 said the campaign may have exfiltrated more than 300 GB of data and roughly 500,000 credentials. Researchers also said the operation spread beyond a single package ecosystem into npm, Docker Hub, the VS Code and OpenVSX extension marketplaces, and PyPI, widening the number of companies and developers exposed to the same poisoned toolchain.
Wiz said it tracked the intrusions over a two-week span and saw stolen secrets validated and used within hours of theft, with cloud discovery activity following within 24 hours. Microsoft said TeamPCP used access from a prior incident that had not been fully remediated to inject credential-stealing malware into Trivy releases. Investigators also said they could not rule out the stolen secrets being shared with other groups, a reminder that once access leaks into criminal hands, it can keep circulating.
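One routine control against a poisoned release of a CI tool like the ones named above is to stop referencing third-party actions by mutable tags or branches and pin them to a full commit SHA, so a re-pointed tag or a malicious new release does not land in the pipeline automatically. The script below is an added example written for this page, not code from the article or from any of the projects it mentions; it scans a constructed sample workflow (the action names, the `some-org/some-action` step and the commit SHA are placeholders) and reports every `uses:` step that is not pinned to a 40-character commit SHA or, for `docker://` images, to a digest. It uses a line-based regex rather than a YAML parser so it runs without extra dependencies.

```python
import re

# Constructed sample workflow for illustration only; the SHA and the
# some-org/some-action step are placeholders, not real references.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/scanner:latest
      - name: Pin by tag
        uses: some-org/some-action@v1.2.3
"""

# Matches a `uses:` key on a step line, with or without the list dash and quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'#\s]+)')
# A full 40-hex-character Git commit SHA.
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def find_unpinned_actions(workflow_text):
    """Return (line_no, reference, reason) for each `uses:` step that is not
    pinned to an immutable reference. Local actions (./path) are skipped."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith('./'):
            continue  # action checked out with the repo itself
        if ref.startswith('docker://'):
            image = ref[len('docker://'):]
            if '@sha256:' not in image:
                findings.append((line_no, ref, 'container image not pinned by digest'))
            continue
        if '@' not in ref:
            findings.append((line_no, ref, 'no version reference at all'))
            continue
        _name, version = ref.rsplit('@', 1)
        if SHA_RE.match(version):
            continue  # pinned to a commit; a tag move cannot change it
        findings.append((line_no, ref,
                         f'mutable reference {version!r}; pin to a 40-character commit SHA'))
    return findings


if __name__ == '__main__':
    for line_no, ref, reason in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f'line {line_no}: {ref}: {reason}')
```

Pinning to a SHA only removes one path in; the stolen-credential angle described above still needs short-lived CI tokens and rotation of anything a compromised step could have read.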
The damage has already reached beyond developer tooling. CERT-EU linked a major European Commission cloud breach to the Trivy-related supply-chain attack, underscoring how a compromise in one trusted utility can ripple into government systems. TeamPCP also announced a partnership with the Vect ransomware group, adding another layer of risk to an ecosystem already defined by fast reuse of stolen access, rapid follow-on attacks, and attackers evicting other attackers long after the first breach.

