Sophos
Vect and TeamPCP Form Alliance for Ransomware Operations
In late March 2026, the Vect ransomware group partnered with TeamPCP, a credential theft specialist, to enhance their cybercriminal operations. This collaboration aims to leverage TeamPCP's extensive credential harvesting capabilities alongside Vect's ransomware deployment infrastructure, targeting organizations through supply chain attacks. TeamPCP gained notoriety for exploiting the React2Shell vulnerability (CVE-2025-55182) and has been linked to significant breaches, including a compromise of Aqua Security's Trivy scanner, affecting over 10,000 CI/CD workflows and stealing more than 500,000 login credentials. The partnership marks a notable shift in the ransomware landscape, as it allows for a more industrialized approach to cybercrime, increasing the risk for organizations with compromised credentials. The FBI has issued warnings regarding TeamPCP's activities, highlighting their history of large-scale software supply chain compromises.
Key Points:
• Vect and TeamPCP have formed a partnership to enhance ransomware operations.
• TeamPCP's credential theft has compromised over 500,000 login credentials from various organizations.
• The collaboration signifies a shift towards industrialized ransomware tactics in the cyber threat landscape.