TeamPCP Supply Chain Attack Compromises Databricks Platform

TeamPCP Supply Chain Attack Compromises Databricks Platform

First seen 30 Mar 2026, 15:14 UTC CybersecuritynewsIsc.Sans.EduDarkreading 73% similarity 67.5

Article Content

Browse articles
ThreatCluster

Databricks is investigating a potential security compromise linked to the TeamPCP supply chain attack. This incident follows a notification from International Cyber Digest, which indicated that Databricks was alerted last week. The TeamPCP campaign has previously targeted various security tool vendors, and a Databricks compromise would mark the first major cloud platform victim of this campaign. Analysts have identified TeamPCP as operating under multiple aliases and running dual ransomware operations, including their proprietary CipherForce program. The attack is believed to involve a credential trove of 300 GB, which could impact organizations using Databricks. As of now, Databricks has not issued an official statement regarding the breach. Organizations using Databricks are advised to monitor for updates and treat potentially compromised credentials with caution.

Key Points: • Databricks is investigating a potential compromise linked to the TeamPCP supply chain attack. • TeamPCP operates under multiple aliases and runs two parallel ransomware operations. • Organizations using Databricks should treat their credentials as potentially compromised.

ThreatCluster AI

Timeline

2026-03-23
CVE-2026-33634 published
2026-03-25
First public PoC for CVE-2026-33634
2026-03-26
CVE-2026-33634 added to CISA KEV for active exploitation
2026-03-28
First 48-hour pause in new compromises reported
2026-03-30
Databricks confirms investigation into alleged compromise

Community

Browse all →