Mallory

TeamPCP

15 malware families. Exploits CVEs in the wild.

Also known as: Storm-2999, TeamPCP

TeamPCP is a financially motivated cybercriminal group focused on large-scale software supply-chain compromise and credential theft. It first appeared in late December 2025, initially exploiting misconfigured Docker APIs and Kubernetes clusters in cloud environments, and escalated in March 2026 into a multi-stage campaign poisoning widely used open-source security and developer tools across GitHub Actions, Docker Hub, npm, PyPI, and OpenVSX. The group is also tracked as storm_2999, UNC6780, Replicating Marauder, and TGR-CRI-1135, and reporting also associates it with the aliases DeadCatx3, PCPcat, ShellForce, CipherForce, and Persy_PCP.

High-confidence activity attributed to TeamPCP includes the March 2026 compromise of Aqua Security’s Trivy vulnerability scanner and its associated GitHub Actions, in which credential-stealing payloads were distributed through official channels and injected into CI/CD pipelines. Reporting also ties TeamPCP to related compromises affecting the Checkmarx KICS GitHub Actions, LiteLLM on PyPI, TanStack-related incidents, and OpenVSX extensions, and to expansion into npm via the self-propagating CanisterWorm worm, which spread using stolen publish tokens. TeamPCP is described as specializing in poisoning trusted open-source software and abusing CI/CD trust paths, often by injecting malicious workflows into GitHub Actions.

The group’s malware and campaigns are associated with Shai-Hulud and Mini Shai-Hulud, described as credential-stealing, self-propagating supply-chain malware targeting developer environments and CI/CD systems. TeamPCP publicly released the source code for Shai-Hulud / Mini Shai-Hulud in May 2026, after which multiple copycat and derivative campaigns emerged, including Miasma, which researchers described as a descendant or derivative of TeamPCP’s Mini Shai-Hulud malware family.

TeamPCP has been described as one of the most consequential open-source supply-chain threat actors of 2026, compromising more than 1,000 software packages and weaponizing trusted development channels at scale. CERT-EU reporting also links the Trivy supply-chain compromise to the breach of the European Commission’s Europa AWS hosting platform.


OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Software & Services

MITRE ATT&CK

Tradecraft

55 distinct techniques observed across reporting, grouped by tactic.

14 of 15 tactics, 82 techniques. ×N = number of intelligence reports citing this technique.

TA0042 Resource Development (1 technique)
  • T1583 Acquire Infrastructure
    • T1583.001 Domains

TA0001 Initial Access (2 techniques)
  • T1078 Valid Accounts ×4
    • T1078.004 Cloud Accounts ×2
  • T1195 Supply Chain Compromise ×6
    • T1195.001 Compromise Software Dependencies and Development Tools
    • T1195.002 Compromise Software Supply Chain ×2

TA0002 Execution (3 techniques)
  • T1053 Scheduled Task/Job
    • T1053.006 Systemd Timers ×2
  • T1059 Command and Scripting Interpreter
    • T1059.006 Python ×3
  • T1574 Hijack Execution Flow ×3
    • T1574.007 Path Interception by PATH Environment Variable

TA0003 Persistence (7 techniques)
  • T1037 Boot or Logon Initialization Scripts
  • T1053 Scheduled Task/Job
    • T1053.006 Systemd Timers ×2
  • T1078 Valid Accounts ×4
    • T1078.004 Cloud Accounts ×2
  • T1136 Create Account
    • T1136.003 Cloud Account
  • T1543 Create or Modify System Process
    • T1543.001 Launch Agent
    • T1543.002 Systemd Service ×2
  • T1546 Event Triggered Execution
  • T1556 Modify Authentication Process ×2

TA0004 Privilege Escalation (6 techniques)
  • T1037 Boot or Logon Initialization Scripts
  • T1053 Scheduled Task/Job
    • T1053.006 Systemd Timers ×2
  • T1055 Process Injection ×3
    • T1055.009 Proc Memory
  • T1078 Valid Accounts ×4
    • T1078.004 Cloud Accounts ×2
  • T1543 Create or Modify System Process
    • T1543.001 Launch Agent
    • T1543.002 Systemd Service ×2
  • T1546 Event Triggered Execution

TA0005 Stealth (5 techniques)
  • T1027 Obfuscated Files or Information
    • T1027.003 Steganography
  • T1036 Masquerading ×4
  • T1055 Process Injection ×3
    • T1055.009 Proc Memory
  • T1078 Valid Accounts ×4
    • T1078.004 Cloud Accounts ×2
  • T1574 Hijack Execution Flow ×3
    • T1574.007 Path Interception by PATH Environment Variable

TA0112 Defense Impairment (2 techniques)
  • T1553 Subvert Trust Controls ×2
  • T1556 Modify Authentication Process ×2

TA0006 Credential Access (8 techniques)
  • T1003 OS Credential Dumping ×3
  • T1212 Exploitation for Credential Access
  • T1528 Steal Application Access Token ×2
  • T1539 Steal Web Session Cookie
  • T1552 Unsecured Credentials ×2
    • T1552.001 Credentials In Files ×2
    • T1552.005 Cloud Instance Metadata API
  • T1555 Credentials from Password Stores ×2
  • T1556 Modify Authentication Process ×2
  • T1649 Steal or Forge Authentication Certificates ×4

TA0007 Discovery (7 techniques)
  • T1057 Process Discovery
  • T1069 Permission Groups Discovery
    • T1069.003 Cloud Groups
  • T1082 System Information Discovery
  • T1087 Account Discovery
    • T1087.004 Cloud Account
  • T1526 Cloud Service Discovery
  • T1613 Container and Resource Discovery ×2
  • T1619 Cloud Storage Object Discovery

TA0008 Lateral Movement (2 techniques)
  • T1021 Remote Services
    • T1021.004 SSH
  • T1570 Lateral Tool Transfer ×2

TA0009 Collection (1 technique)
  • T1560 Archive Collected Data ×4

TA0011 Command and Control (5 techniques)
  • T1008 Fallback Channels
  • T1071 Application Layer Protocol
    • T1071.001 Web Protocols
  • T1102 Web Service
  • T1105 Ingress Tool Transfer ×5
  • T1219 Remote Access Tools ×2

TA0010 Exfiltration (5 techniques)
  • T1029 Scheduled Transfer
  • T1041 Exfiltration Over C2 Channel
  • T1048 Exfiltration Over Alternative Protocol
  • T1537 Transfer Data to Cloud Account
  • T1567 Exfiltration Over Web Service ×4

TA0040 Impact (1 technique)
  • T1486 Data Encrypted for Impact
IOCS

Observables

124 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.

IOC values are gated. View them in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

18 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

  • Target overlap: match sector + geo + tech-stack targeting against your real footprint.
  • Tradecraft mapping (55): every observed MITRE ATT&CK technique, grouped by tactic.
  • Malware arsenal (15): families this actor is known to deploy, with IOCs and behavior.
  • Exploited CVEs (2): CVEs this actor has used in known campaigns.
  • Detection signatures: YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
  • Observables (124): domains, IPs, and hashes tied to this actor, refreshed continuously.