Vect and TeamPCP Form Alliance for Ransomware Operations

First seen 2 Jul 2026, 22:50 UTC
Sources: News.Sophos, Sophos, www.ic3.gov, www.f5.com, Infosecurity-Magazine
Article Content

In late March 2026, the Vect ransomware group partnered with TeamPCP, a credential theft specialist, to enhance their cybercriminal operations. This collaboration aims to leverage TeamPCP's extensive credential harvesting capabilities alongside Vect's ransomware deployment infrastructure, targeting organizations through supply chain attacks. TeamPCP gained notoriety for exploiting the React2Shell vulnerability (CVE-2025-55182) and has been linked to significant breaches, including a compromise of Aqua Security's Trivy scanner, affecting over 10,000 CI/CD workflows and stealing more than 500,000 login credentials. The partnership marks a notable shift in the ransomware landscape, as it allows for a more industrialized approach to cybercrime, increasing the risk for organizations with compromised credentials. The FBI has issued warnings regarding TeamPCP's activities, highlighting their history of large-scale software supply chain compromises.

Key Points:
• Vect and TeamPCP have formed a partnership to enhance ransomware operations.
• TeamPCP's credential theft has compromised over 500,000 login credentials from various organizations.
• The collaboration signifies a shift towards industrialized ransomware tactics in the cyber threat landscape.

ThreatCluster AI

Timeline

2025-03-21: CVE-2025-29927 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
Source: MITRE

2025-12-03: CVE-2025-55182 published
A critical pre-authentication RCE flaw in React Server Components was disclosed, impacting multiple organizations.
Source: News.Sophos

2025-12-25: First public PoC for CVE-2025-55182
Public proof of concept for the React2Shell vulnerability was released, leading to widespread exploitation.
Source: News.Sophos

2026-02-06: CVE-2026-1731 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
Source: MITRE

2026-02-09: CVE-2026-1868 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
Source: MITRE

2026-03-01: Aqua Security attempts to mitigate Trivy compromise
Aqua Security discovered a breach in their Trivy development systems but failed to fully eliminate the threat, allowing continued access.
Source: News.Sophos

2026-03-19: TeamPCP attacks Trivy at scale
TeamPCP tampered with the Trivy scanner program, leading to the distribution of malware disguised as legitimate updates.
Source: News.Sophos

2026-07-02: Sophos reports on Vect and TeamPCP partnership
Sophos details the operational partnership between Vect and TeamPCP, highlighting the implications for organizations with compromised credentials.
Source: Infosecurity-Magazine
