TeamPCP Supply Chain Attack Compromises Databricks Platform

Severity: High (Score: 67.5)

Sources: Cybersecuritynews, Isc.Sans.Edu

Summary

Databricks is investigating a potential security compromise linked to the TeamPCP supply chain attack. This incident follows a notification from International Cyber Digest, which indicated that Databricks was alerted last week. The TeamPCP campaign has previously targeted various security tool vendors, and a confirmed Databricks compromise would mark the first major cloud platform victim of this campaign. Analysts have identified TeamPCP as operating under multiple aliases and running dual ransomware operations, including their proprietary CipherForce program. The attack is believed to involve a credential trove of 300 GB, which could impact organizations using Databricks. As of now, Databricks has not issued an official statement regarding the breach. Organizations using Databricks are advised to monitor for updates and treat potentially compromised credentials with caution.

Key Points

  • Databricks is investigating a potential compromise linked to the TeamPCP supply chain attack.
  • TeamPCP operates under multiple aliases and runs two parallel ransomware operations.
  • Organizations using Databricks should treat their credentials as potentially compromised.
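"Treat credentials as potentially compromised" in practice means inventorying and rotating workspace personal access tokens. The script below is an added example, not code from the page, from Databricks or from the TeamPCP reporting: it lists tokens through the Databricks Token Management API (GET and DELETE on /api/2.0/token-management/tokens, an existing admin endpoint), selects the ones that predate an assumed notification cutoff or carry no expiry, and only revokes them when DATABRICKS_HOST, DATABRICKS_TOKEN and APPLY=1 are set. The revocation policy, the cutoff window, the sample token list and the example hostname are this script's own assumptions; without credentials it runs offline against the constructed sample.

```python
"""Triage Databricks personal access tokens after a suspected credential leak.

Added example, not code from the page or from Databricks. Endpoints used:
  GET    /api/2.0/token-management/tokens            (list all workspace tokens, admin)
  DELETE /api/2.0/token-management/tokens/{token_id} (revoke one token, admin)
The selection policy below is an assumption, not Databricks guidance.
"""
import json
import os
import time
import urllib.request

# Constructed sample in the shape of a token-management list response (not real data).
NOW_MS = 1_700_000_000_000                        # assumed "now" for the offline run
CUTOFF_MS = NOW_MS - 7 * 86_400_000               # assumed: vendor was alerted a week ago
DAY_MS = 86_400_000
SAMPLE_TOKEN_INFOS = [
    {"token_id": "tok-a", "created_by_username": "ci-bot@example.com",
     "creation_time": NOW_MS - 30 * DAY_MS, "expiry_time": -1, "comment": "ci runner"},
    {"token_id": "tok-b", "created_by_username": "alice@example.com",
     "creation_time": NOW_MS - 10 * DAY_MS, "expiry_time": NOW_MS + 60 * DAY_MS, "comment": "laptop"},
    {"token_id": "tok-c", "created_by_username": "bob@example.com",
     "creation_time": NOW_MS - 1 * DAY_MS, "expiry_time": NOW_MS + 30 * DAY_MS, "comment": "rotated"},
    {"token_id": "tok-d", "created_by_username": "old-svc@example.com",
     "creation_time": NOW_MS - 90 * DAY_MS, "expiry_time": NOW_MS - 5 * DAY_MS, "comment": "expired"},
    {"token_id": "tok-e", "created_by_username": "carol@example.com",
     "creation_time": NOW_MS - 1 * DAY_MS, "expiry_time": -1, "comment": "no expiry"},
]


def triage_tokens(token_infos, cutoff_ms, now_ms):
    """Return the tokens to revoke, each with the reasons it was selected.

    Policy (assumption): a token that already existed at the cutoff may be in the
    leaked trove, so it is rotated; a token with no expiry (expiry_time -1 or
    absent, as the API reports it) is rotated regardless of age; tokens that have
    already expired cannot be abused and are skipped.
    """
    selected = []
    for info in token_infos:
        expiry = info.get("expiry_time", -1)
        has_expiry = expiry is not None and expiry >= 0
        if has_expiry and expiry <= now_ms:
            continue
        reasons = []
        if info["creation_time"] < cutoff_ms:
            reasons.append("created_before_cutoff")
        if not has_expiry:
            reasons.append("no_expiry")
        if reasons:
            selected.append({"token_id": info["token_id"],
                             "owner": info.get("created_by_username", "?"),
                             "reasons": reasons})
    return selected


def revoke_requests(host, selected):
    """Render the DELETE calls that would revoke each selected token (dry-run view)."""
    base = host.rstrip("/")
    return [f"DELETE {base}/api/2.0/token-management/tokens/{t['token_id']}" for t in selected]


def _api(host, pat, method, path):
    """Minimal authenticated call to the workspace REST API (bearer token auth)."""
    req = urllib.request.Request(host.rstrip("/") + path, method=method,
                                 headers={"Authorization": f"Bearer {pat}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def main():
    host = os.environ.get("DATABRICKS_HOST")
    pat = os.environ.get("DATABRICKS_TOKEN")
    live = bool(host and pat)
    if live:
        now_ms = int(time.time() * 1000)
        cutoff_ms = int(os.environ.get("CUTOFF_MS", now_ms - 7 * DAY_MS))
        infos = _api(host, pat, "GET", "/api/2.0/token-management/tokens").get("token_infos", [])
    else:  # offline: constructed sample and an example hostname (assumption)
        host, now_ms, cutoff_ms, infos = "https://example.cloud.databricks.com", NOW_MS, CUTOFF_MS, SAMPLE_TOKEN_INFOS
    selected = triage_tokens(infos, cutoff_ms, now_ms)
    for t in selected:
        print(f"{t['token_id']:<12} owner={t['owner']:<24} reasons={','.join(t['reasons'])}")
    for line in revoke_requests(host, selected):
        print(line)
    if live and os.environ.get("APPLY") == "1":
        for t in selected:
            _api(host, pat, "DELETE", f"/api/2.0/token-management/tokens/{t['token_id']}")
            print(f"revoked {t['token_id']}")


if __name__ == "__main__":
    main()
```

Revoking tokens only closes the PAT exposure; service principals, OAuth secrets and any cloud-provider keys stored in Databricks secret scopes need their own rotation, and the revocations themselves should be cross-checked against the workspace audit log so that a token created by an attacker after the cutoff is not mistaken for a freshly rotated one.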

Key Entities

  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • Supply Chain Attack (attack_type)
  • TeamPCP Supply Chain Campaign (campaign)
  • Aqua (company)
  • AstraZeneca (company)
  • BerriAI (company)
  • Checkmarx (company)
  • Telnyx (company)
  • Databricks (platform)
  • OwnCloud (platform)
  • Crates.io (platform)
  • AWS CloudFormation (platform)
  • Databricks Platform (platform)
  • CVE-2026-33634 (cve)
  • sans.org (domain)
  • CanisterWorm (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • GitHub Actions (tool)
  • Npm (tool)
  • CipherForce (ransomware_group)
  • Vect (ransomware_group)