Vect and TeamPCP Collaborate on Ransomware and Supply Chain Attacks

First seen 2 Jul 2026, 22:50 UTC. Sources: News.Sophos, Sophos, www.ic3.gov, www.f5.com

In March 2026, cybercriminal groups Vect and TeamPCP formed a partnership to enhance their ransomware operations. This collaboration combines TeamPCP's credential harvesting and data theft with Vect's ransomware deployment infrastructure, targeting multiple organizations through supply chain attacks. TeamPCP, known for exploiting the React2Shell vulnerability (CVE-2025-55182), gained notoriety for a worm-driven campaign affecting sectors like technology, finance, and healthcare across various countries. Their attacks included a significant breach of the Trivy vulnerability scanner, where attackers tampered with the software to distribute malware. The campaign has impacted organizations in Canada, Serbia, South Korea, the UAE, and the United States. The partnership signifies a growing trend of collaboration among cybercriminals to increase operational effectiveness and reach.

Key Points:
• Vect and TeamPCP have partnered to enhance ransomware and data theft operations.
• TeamPCP exploited the critical React2Shell vulnerability (CVE-2025-55182) in their campaigns.
• The attacks have affected organizations in multiple sectors across several countries.

ThreatCluster AI

Timeline

2025-12-03
CVE-2025-55182 published
A critical remote code execution vulnerability in React Server Components was disclosed.
Sophos
2025-12-05
CVE-2025-55182 added to CISA KEV
CISA recognized the vulnerability as actively exploited in the wild.
Sophos
2025-12-25
First public PoC for CVE-2025-55182
A proof of concept for exploiting the React2Shell vulnerability was released publicly.
Sophos
2026-03-01
Aqua Security attempts to mitigate Trivy breach
Aqua Security discovered a compromise in their development systems but failed to fully clean it up.
Sophos
2026-03-19
TeamPCP strikes at scale
Attackers tampered with the Trivy scanner and published a poisoned version, distributing malware.
Sophos
2026-03
Vect and TeamPCP partnership announced
The two groups formalized their collaboration to enhance ransomware and data theft operations.
Sophos
