TeamPCP
TeamPCP is a financially motivated cybercriminal group active since late 2025, specialising in software supply chain attacks targeting developer tooling, open source packages, and CI/CD infrastructure. The group has conducted sustained attack campaigns against GitHub, PyPI, npm, and Docker registries, embedding credential-stealing malware into widely used open source tools including Trivy, LiteLLM, TanStack, and Checkmarx components. TeamPCP operates a worm-based propagation framework (Shai-Hulud / Mini Shai-Hulud) and has established partnerships with BreachForums and DragonForce ransomware. Victims include GitHub, OpenAI, Mistral AI, and the European Commission. Attribution remains unresolved — operators are English-speaking with no confirmed nation-state affiliation.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 high, ≥ 3 moderate, < 3 low.
Attribution signals
85 mentions · 16 sources
"Some cybersecurity vendors attributed previous Mini Shai-Hulud attacks to TeamPCP, a financially motivated threat actor that formally emerged in late 2025 by exploiting the React2Shell vulnerability as well as targeting misconfigured Docker APIs and Next.js."
"A similar capability was observed in the payload delivered in the TanStack attack attributed to TeamPCP"
"In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index"
"Analysis confirmed it was supply chain poisoning on PyPI by the TeamPCP group."
"Multiple independent security firms attribute the campaign to TeamPCP, a financially motivated cybercriminal group that emerged in late 2025."
"This attack is attributed to the hacker group TeamPCP"
"The campaigns were attributed to the TeamPCP hacker group."
"the chalk-tempalte package contains a clone of the Shai-Hulud malware attributed to the TeamPCP hacker group that is responsible for the recent Mini Shai-Hulud software supply-chain attack"
"the TeamPCP group launched a new wave of the Mini Shai-Hulud worm, compromising legitimate npm packages through hijacked GitHub Actions OIDC tokens"
"In March, the hacker group also compromised Aqua Security's Trivy vulnerability scanner, which is believed to have led to cascading compromises affecting Aqua Security Docker images and the Checkmarx KICS project"
"threatened to leak the Mistral AI source code stolen using compromised CI/CD credentials"
"the TeamPCP hacking group abused weaknesses in the package publishing process to distribute 84 malicious packages tied to the TanStack open source development ecosystem"