Who is TeamPCP, the rising hacker group targeting open-source software and AI tools?

May 26, 2026

Code hosting platform GitHub disclosed that it suffered a data breach last week as part of a software supply chain attack carried out by hackers.

The attack was traced back to a GitHub developer who had installed a ‘poisoned’ VSCode extension, a plug-in for the commonly used code editor that is also owned by Microsoft. In its statement confirming the data breach, GitHub said at least 3,800 internal repositories had been compromised by the hackers. However, the affected repositories only contained GitHub’s own code and did not affect customers’ data.

The hackers behind the GitHub breach are widely believed to be TeamPCP, an increasingly notorious group of cybercriminals that carries out software supply chain attacks, in which hundreds of open-source tools are corrupted and victims extorted for profit.

“We’re here today to advertise GitHub’s source code and internal orgs for sale. Everything for the main platform is there and I’m very happy to send samples to buyers to verify absolute authenticity,” TeamPCP wrote on BreachForums, a forum and marketplace for cybercriminals, following the breach.

The GitHub breach is the latest in a string of software supply chain attacks allegedly linked to the rising hacker group, raising questions about how to use open-source software safely. Here’s everything you need to know about TeamPCP.

Who is TeamPCP?

TeamPCP emerged in late 2025, when it exploited cloud misconfigurations and a vulnerability in the web app development tool Next.js to deploy a botnet for attacks like credential theft and cryptocurrency mining. The group relied heavily on worms to capture static credentials and authentication tokens to bore deeper into victims’ systems.

TeamPCP’s page on the dark web links to ‘business contacts’, which could potentially be used to carry out ransom negotiations. The webpage features Matrix-style cascading ones and zeros, along with the words ‘TEAMPCP: The Cats Hijacking Your Supply Chains’ with a reggae fusion soundtrack in the background, according to a report by Wired.

The group’s attacks appear to be financially motivated, as it typically targets victims by deploying ransomware or carrying out data extortion campaigns. It has also expressed willingness to sell victims’ data to any buyer.

“This isn’t a ransom. We don’t care about extorting GitHub, 1 buyer and we shred the data on our end […] It looks like our retirement is soon so if no buyer is found we will leak it free,” TeamPCP reportedly wrote in its BreachForums post about the GitHub breach.

TeamPCP is believed to have transitioned to a ransomware-as-a-service model in April this year by establishing partnerships with widely known cybercriminal platforms such as BreachForums and DragonForce.

What is TeamPCP’s modus operandi?

Simply put, a software supply chain attack is when hackers corrupt a legitimate piece of software to hide their own malicious code. It threatens to turn any innocent application into a dangerous foothold in a victim’s network, thereby sowing a new level of distrust across the ecosystem.

TeamPCP reportedly relies on a cyclical exploitation of software developers. First, the hackers gain access to a network where an open-source tool commonly used by coders is being developed. They then plant malware in the open-source tool, which is used to compromise other software developers’ machines, including those of developers creating other software tools for coders.

The malware allows TeamPCP to steal credentials which, in turn, let it publish malicious versions of those software development tools. The breached network grows as the cycle repeats. TeamPCP’s hackers have also reportedly automated many of their software supply chain attacks with a self-spreading worm known as ‘Mini Shai-Hulud’, seemingly a reference to the popular sci-fi novel and film series, Dune.

Encrypted credentials in GitHub repositories created by the worm reportedly carry the phrase: ‘A Mini Shai-Hulud Has Appeared’. In September 2025, a similar supply chain attack involving self-spreading malware reportedly carried the same phrase.

Who has been targeted by TeamPCP?

Over the past couple of months, TeamPCP has carried out 20 waves of supply chain attacks that have hidden malware in more than 500 distinct pieces of software, according to cybersecurity firm Socket. With these tainted pieces of code, TeamPCP has targeted and breached hundreds of companies that installed the software, according to Ben Read, the head of strategic threat intelligence at cloud security firm Wiz.

Before GitHub, TeamPCP is said to have been behind attacks targeting OpenAI and data contracting firm Mercor. The hackers are said to have embedded an infostealer in the open-source security scanner Trivy and then used stolen credentials from this attack to compromise certain versions of the AI application programming interface (API) tool called LiteLLM that is hosted on the popular Python software repository PyPI.

Web application security firm Checkmarx, web app library TanStack, and enterprise AI platform Mistral are just a few other companies that have been targeted by TeamPCP in supply chain attacks. It was also reportedly behind the recent data breach affecting the European Commission’s public website.

How can organisations protect themselves?

Experts believe that organisations can protect themselves from TeamPCP’s supply chain attacks to a certain degree by maintaining security “hygiene” practices that carefully manage authentication tokens and impose access restrictions wherever possible.

It is also recommended to change or rotate tokens even if you are not using the packages that have been compromised. Other potential safeguards include bringing age-gating updates to open-source tools. Security updates should be vetted and installed rather than immediately updating to code that has been newly published and may be malicious.
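As an added illustration of the age-gating safeguard described above (not part of the original report): the Python sketch below picks the newest release that has been public for a minimum number of days and holds back anything fresher. The sample data is constructed and only mirrors the shape of the `releases` object in PyPI's JSON API; the function names and the seven-day default are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "releases" object in PyPI's JSON API.
# The versions and timestamps are invented for illustration.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2026-03-02T10:15:00.000000Z", "yanked": False}],
    "1.4.1": [{"upload_time_iso_8601": "2026-04-20T08:00:00.000000Z", "yanked": False}],
    "1.4.2": [{"upload_time_iso_8601": "2026-05-18T23:40:00.000000Z", "yanked": True}],
    "1.4.3": [{"upload_time_iso_8601": "2026-05-25T02:05:00.000000Z", "yanked": False}],
    "1.5.0": [],  # version exists but no files were uploaded
}

def _last_upload(files):
    """Newest file timestamp; a file added to an old version restarts the clock."""
    return max(
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    )

def age_gated_choice(releases, now, min_age_days=7):
    """Return (version to install, versions held back as too new).

    Releases are ranked by upload time, not by parsing version strings,
    and yanked or empty releases are never candidates.
    """
    cutoff = now - timedelta(days=min_age_days)
    eligible, held_back = [], []
    for version, files in releases.items():
        if not files or any(f.get("yanked") for f in files):
            continue
        uploaded = _last_upload(files)
        if uploaded <= cutoff:
            eligible.append((uploaded, version))
        else:
            held_back.append(version)
    chosen = max(eligible)[1] if eligible else None
    return chosen, sorted(held_back)

# Fixed "current time" so the result is reproducible.
NOW = datetime(2026, 5, 26, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(age_gated_choice(SAMPLE_RELEASES, NOW))
```

The held-back list is what a reviewer would vet before the cooldown expires.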


