Sophos
Vect and TeamPCP Collaborate on Ransomware and Supply Chain Attacks
In March 2026, cybercriminal groups Vect and TeamPCP formed a partnership to enhance their ransomware operations. This collaboration combines TeamPCP's credential harvesting and data theft with Vect's ransomware deployment infrastructure, targeting multiple organizations through supply chain attacks. TeamPCP, known for exploiting the React2Shell vulnerability (CVE-2025-55182), gained notoriety for a worm-driven campaign affecting sectors like technology, finance, and healthcare across various countries. Their attacks included a significant breach of the Trivy vulnerability scanner, where attackers tampered with the software to distribute malware. The campaign has impacted organizations in Canada, Serbia, South Korea, the UAE, and the United States. The partnership signifies a growing trend of collaboration among cybercriminals to increase operational effectiveness and reach.
Key Points:
• Vect and TeamPCP have partnered to enhance ransomware and data theft operations.
• TeamPCP exploited the critical React2Shell vulnerability (CVE-2025-55182) in their campaigns.
• The attacks have affected organizations in multiple sectors across several countries.