TeamPCP’s wide-scale supply-chain compromises have materially fueled VECT ransomware operations by supplying a vast archive of stolen CI/CD credentials, reshaping how organizations should measure ransomware exposure.
Rather than choosing victims in advance, TeamPCP contaminated widely used components Trivy, Checkmarx KICS, LiteLLM, and the Telnyx Python SDK access so that any organization that installed those packages or executed affected workflows.
TeamPCP exploited a vulnerability in Trivy’s automated workflow (CVE-2026-33634) to replace nearly all published versions with malicious workflow code using a stolen maintainer credential.
The same pattern allowed TeamPCP to overwrite dozens of Checkmarx KICS workflow tags and to inject a persistent loader, litellm_init.pth, into LiteLLM v1.82.8 leveraging Python’s automatic .pth execution on startup to attain ongoing code execution across developer machines and CI runners.
Telnyx SDK tampering delivered a three-stage remote access trojan in specific versions. In at least one case, TeamPCP used victim automation credentials to create a hidden repository named docs-tpcp inside target GitHub organizations, making intrusion activity appear as legitimate automation in audit logs.
Technical reporting from Check Point Research and the FBI’s IC3 FLASH corroborate the mechanics and downstream consequences. TeamPCP weaponized trusted open-source packages and CI workflows to harvest automation tokens, cloud API keys, and service credentials at scale.
Those stolen CI/CD and cloud tokens AWS, Azure, GCP, Kubernetes secrets, container registry credentials, GitHub/GitLab tokens weren’t a final objective but inventory.
TeamPCP Supply Chain Attacks
By March 2026 TeamPCP had amassed more than 500,000 credentials from over 10,000 pipelines. VECT operators then selected targets from that credential archive; target selection occurred after access, not before.
The partnership between TeamPCP and VECT was publicly announced on BreachForums on April 16, 2026, and Sophos CTU has confirmed at least one VECT ransomware deployment using TeamPCP-sourced credentials.
The FBI warns these credentials “will be weaponized long after the initial compromise,” meaning affected organizations face prolonged exposure until keys and tokens are rotated and validated.
Compounding the crisis, Check Point Research’s April 28, 2026 technical analysis (CPR-2026-0428) revealed a significant flaw in VECT 2.0’s encryption: for files larger than 128 KB.
The ransomware reuses a single internal value instead of generating unique per-chunk keys and writes only the final value, rendering the first three-quarters of those files irrecoverable even if a decryption key is provided.
The flaw exposes the amateur cryptographic handling in VECT’s codebase while the surrounding affiliate infrastructure Monero escrow, tiered commissions, negotiators remains professionalized and effective, producing high-impact outcomes despite flawed ransomware engineering.
Defenders face a fragmented-detection problem. Install records, workflow executions, and cloud audit logs each show a legitimate event attributed to known service accounts or package installs; no single logline signals the complete attack chain.
This fragmentation echoes earlier supply-chain incidents, where stolen tokens moved laterally across validated systems without triggering a holistic alarm.
Effective remediation therefore requires pipeline-centric investigations: search for litellm_init.pth on developer and CI runners, inspect Trivy and Checkmarx KICS action pins from the February–March window, check for Telnyx SDK versions 4.87.1/4.87.2, and look for docs-tpcp repositories in your GitHub organizations.
Immediate actions: rotate all CI/CD and cloud credentials issued before April 2026, revoke compromised service tokens, audit pipeline-run API calls in AWS CloudTrail, Azure Monitor, and GCP Cloud Audit Logs for anomalous activity from pipeline service accounts.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.

