TeamPCP Supply Chain Campaign — Campaign Analysis & Threat Activity

Threat entity extracted from intelligence sources

Frequency
4
occurrences
First Seen
March 25, 2026
Last Seen
May 14, 2026

TeamPCP Supply Chain Campaign is a threat campaign tracked across 4 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed March 25, 2026; most recent activity May 14, 2026.

Related Threat Clusters

  • LiteLLM Python Package Compromised in Major Supply Chain Attack by TeamPCP

    On March 24, 2026, two malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on PyPI, containing credential-stealing malware. The attack, attributed to the TeamPCP threat group, exploited…

    53 articles · Updated March 24, 2026
  • Mercor Cyberattack Linked to LiteLLM Supply Chain Compromise

    AI recruiting startup Mercor confirmed it was impacted by a supply chain attack linked to the LiteLLM project, which has affected thousands of organizations. The breach was attributed to the hacking group TeamPCP, with…

    30 articles · Updated April 1, 2026
  • TeamPCP Targets CI/CD Pipelines to Steal Developer Credentials

    TeamPCP, a financially motivated threat actor, has been conducting a campaign targeting software supply chains from March 19 to April 24, 2026. The group exploited trusted CI/CD and release workflows to steal sensitive…

    4 articles · Updated May 15, 2026
  • TeamPCP Supply Chain Attack Compromises Databricks Platform

    Databricks is investigating a potential security compromise linked to the TeamPCP supply chain attack. This incident follows a notification from International Cyber Digest, which indicated that Databricks was alerted…

    4 articles · Updated March 30, 2026

Recent Intelligence Reports

  • Analyzing TeamPCP's Supply Chain Attacks: Checkmarx KICS and elementary — Trendmicro · May 14, 2026
  • TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st) — Isc.Sans.Edu · April 1, 2026
  • TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th) — Isc.Sans.Edu · March 30, 2026
  • PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials — Csoonline · March 25, 2026

CVSS v3.1 Breakdown