The U.S. Federal Bureau of Investigation (FBI) is warning organizations about TeamPCP, a cybercriminal group behind a series of software supply chain attacks that have compromised more than 1,000 cloud environments. The agency says the attackers targeted widely used developer and security tools, allowing them to steal sensitive credentials and gain access to enterprise infrastructure.
According to the FBI, TeamPCP’s strategy differs from traditional network intrusions. Instead of attacking organizations directly, the group compromises trusted software packages and development tools that are already integrated into CI/CD pipelines. Once a malicious update is installed, the malware can harvest cloud access tokens, SSH keys, Kubernetes secrets, API keys, and other sensitive credentials from victim environments.
The advisory links the operation to four malware families: CanisterWorm, SANDCLOCK, Mini Shai-Hulud, and Miasma. Each serves a different purpose, ranging from credential theft to self-propagation through open source package repositories such as npm and PyPI. The FBI says these tools enabled the attackers to spread malicious code beyond the initial victims and compromise additional software ecosystems.
Investigators also identified several legitimate projects that were modified during the campaign. These include Trivy, KICS, LiteLLM, and the Telnyx Python SDK. Because these tools are widely used in software development and security testing, a single compromised update could expose numerous organizations before the malicious packages are removed.
The FBI warns that organizations should treat any credentials exposed during the campaign as permanently compromised. Even if the initial intrusion has been contained, stolen authentication data could later be used by TeamPCP or other threat actors to regain access or support follow-on attacks, including ransomware operations. The advisory also states that the group has engaged in extortion by threatening to publish stolen data from victim organizations.
The warning follows research from Sophos, referenced in the FBI alert, describing one TeamPCP campaign that affected more than 1,000 enterprise software-as-a-service environments. Researchers said the attackers compromised multiple widely deployed software packages, spread malicious code through dozens of npm packages, and exfiltrated roughly 300 GB of compressed data containing an estimated 500,000 credential sets.
To reduce the risk of compromise, the FBI recommends rotating all exposed credentials, enforcing multi-factor authentication, applying least-privilege access controls across CI/CD environments, and reviewing build pipelines for unauthorized modifications. The agency also advises organizations to pin GitHub Actions workflows to verified commit SHA hashes instead of floating version tags, helping reduce the risk of malicious code being introduced through software dependencies.
The FBI is urging organizations that discover evidence of TeamPCP activity to preserve forensic data and report incidents to the bureau. Officials say sharing indicators of compromise and attack details will help investigators track the group’s infrastructure and support ongoing efforts to disrupt future supply chain attacks.
