TeamPCP

TeamPCP is a cybercrime threat actor, also tracked as UNC6780, associated with software supply chain compromises and developer-focused credential theft. Known aliases in the provided content include deadcatx3, pcpcat, persypcp, shellforce, team_pcp, and teampcp. The group is described as backdooring trusted open-source security and development tools to gain indirect access, and has been linked to compromises involving GitHub, Trivy, durabletask, Nx Console, @antv, LiteLLM, TanStack, and other projects. TeamPCP has also been reported as claiming responsibility for a European Commission breach after theft of a cloud key obtained via the earlier Trivy compromise. The actor’s activity centers on harvesting developer and CI/CD secrets, including cloud credentials, tokens, SSH keys, npm and PyPI publishing tokens, password manager data, Kubernetes and Vault material, and other secrets from developer workstations and pipelines. Reported initial access and propagation methods include poisoned Visual Studio Code extensions, malicious npm and PyPI package updates, abuse of valid accounts and stolen secrets, CI/CD pipeline abuse, and self-propagating malware. GitHub disclosed that a threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee developer device through a malicious VS Code extension and used stolen credentials to clone roughly 3,800 internal repositories; TeamPCP then advertised the stolen GitHub data for sale, initially seeking at least $50,000, with later reporting stating a joint sale with LAPSUS$ for $95,000. TeamPCP is closely associated with the Shai-Hulud and Mini Shai-Hulud malware campaigns. The content states TeamPCP published the full Mini Shai-Hulud source code to GitHub on May 12, 2026, and encouraged independent campaigns, which has complicated later attribution because copycat actors can reuse the tooling. TeamPCP’s malware and related campaigns are described as self-propagating and focused on software supply chain compromise. Reported TeamPCP-linked malware capabilities include credential theft from cloud providers, developer tools, password managers, SSH and Docker material; propagation through npm ecosystems, AWS SSM, Kubernetes, and CI/CD workflows; and covert command-and-control using GitHub commit messages and the GitHub Search API. Sophos linked TeamPCP activity to a Python backdoor named cat.py recovered from an affected endpoint, and described TeamPCP’s defining characteristic as backdooring trusted open-source security and development tools. The content also describes TeamPCP’s evolution from clumsy attacks against misconfigured Kubernetes clusters in September 2025 to major software supply chain attacks by February 2026. Multiple reports note that later campaigns such as Miasma and IronWorm show overlap or operational adjacency with TeamPCP tradecraft, but in several cases attribution remains uncertain because TeamPCP open-sourced Mini Shai-Hulud and related tooling. No nation-state attribution is provided in the content.