We’ve been tracking TeamPCP since their supply chain campaigns surfaced in mid-March. Each update has been worse than the last. This week it got weird.

TeamPCP isn’t just stealing cloud credentials anymore. They’re running what amounts to a criminal franchise: geopolitical side quests, a ransomware partnership program, and a public feud with other threat actors over who gets credit for what.

The strangest new development is CanisterWorm, a wiper that specifically targets systems with Iran locale settings or Farsi language packs. If the machine is in a Kubernetes cluster, it goes after cluster data first. Why Iran? Nobody knows. Researcher Charlie Eriksen called it: “I feel like these people are really playing this Chaotic Evil role here.” That tracks.

Then there’s the Trivy situation. The container scanner TeamPCP first compromised on March 19 got popped a second time. Why? Victim organizations that were hit in the first wave failed to rotate their credentials afterward. They patched the tool but left the secrets valid. The compromised tool list now includes Trivy (twice), KICS, LiteLLM, and Telnyx. Azure environments account for 61% of compromised servers, AWS another 36%.

The scariest part: the Vect ransomware group announced a formal partnership with TeamPCP and distributed affiliate keys to all 300,000 members of BreachForums. Their announcement was blunt: they’re ready to deploy ransomware across every company hit by TeamPCP’s supply chain compromises. The access TeamPCP gained is now being monetized by a separate ransomware operation with hundreds of thousands of potential affiliates. This isn’t a targeted campaign anymore. It’s a free-for-all.

Meanwhile, ShinyHunters published 91GB of EU Commission data. Lapsus$ claims 4TB from Mercor. TeamPCP disputes both claims. It’s a turf war over stolen data, and it tells you exactly where this operation sits in the ecosystem: TeamPCP has become a gravity well that other groups are orbiting.

One more problem: TeamPCP’s infrastructure runs on the ICP blockchain, which makes traditional takedowns nearly impossible.

If your organization uses any of the compromised tools and you haven’t rotated every secret those tools could have touched, do it now. Not Monday. Not after the change review board. Now. The window between compromise and exploitation by secondary actors has collapsed to hours.
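The failure mode behind the second Trivy compromise (tool patched, secrets left valid) is easy to check for mechanically. The script below is an added example, not code from this write-up or from any TeamPCP research: it audits a secret inventory and flags every credential that was reachable by a compromised tool and has not been rotated *after* that tool was removed. The inventory, the secret names, the tool removal timestamps and the year are all constructed for illustration; the only date taken from the text is the March 19 Trivy compromise.

```python
"""Post-compromise credential rotation audit (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Exposure:
    """One tool that ran with access to a secret, and when it was replaced."""
    tool: str
    patched_at: Optional[datetime]  # None => compromised version may still be running


@dataclass(frozen=True)
class Secret:
    name: str
    exposures: tuple                  # Exposure records for every tool that could read it
    last_rotated: Optional[datetime]  # None => never rotated


def audit_secret(secret: Secret) -> list:
    """Return the reasons this secret still needs action; empty means it is clean.

    Rule: a secret exposed to a compromised tool is only safe once the tool has
    been removed AND the secret was rotated after that removal. Rotating while
    the compromised tool is still in the pipeline just hands out a fresh copy.
    """
    reasons = []
    for exp in secret.exposures:
        if exp.patched_at is None:
            reasons.append(f"{exp.tool}: compromised version not yet removed; remove it, then rotate")
        elif secret.last_rotated is None:
            reasons.append(f"{exp.tool}: never rotated since exposure")
        elif secret.last_rotated <= exp.patched_at:
            reasons.append(f"{exp.tool}: last rotation predates removal of the compromised tool; rotate again")
    return reasons


def audit(secrets) -> dict:
    """Map each secret name to its outstanding reasons; clean secrets are omitted."""
    return {s.name: r for s in secrets if (r := audit_secret(s))}


def _utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)


# Constructed inventory. The year is a placeholder; only "March 19" for Trivy
# comes from the write-up, everything else is made up for the example.
TRIVY_REMOVED = _utc(2026, 3, 20)
KICS_REMOVED = _utc(2026, 3, 22)

SAMPLE_SECRETS = (
    # Scanner patched, but the secret has not been rotated since: the "hit twice" case.
    Secret("AZURE_SP_CLIENT_SECRET", (Exposure("trivy", TRIVY_REMOVED),), last_rotated=_utc(2026, 1, 5)),
    # Rotated, but before the compromised tool was pulled from the pipeline.
    Secret("AWS_CI_ACCESS_KEY", (Exposure("kics", KICS_REMOVED),), last_rotated=_utc(2026, 3, 21)),
    # Tool still unpatched: rotation alone cannot fix this one.
    Secret("REGISTRY_PUSH_TOKEN", (Exposure("litellm", None),), last_rotated=_utc(2026, 3, 25)),
    # Done correctly: tool removed first, then rotated.
    Secret("GITHUB_DEPLOY_KEY", (Exposure("trivy", TRIVY_REMOVED),), last_rotated=_utc(2026, 3, 21)),
)

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_SECRETS).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

The ordering rule is the whole point: "rotate after removal" catches the case where a team rotated promptly but while the compromised scanner was still running in CI, so the new value was exposed too. Feed it your real inventory (secret name, which pipeline tools could read it, when each tool was replaced, when the secret last changed) and anything it prints is still open.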
