← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Weaponizing the Protectors: TeamPCPs Multi-Stage Supply Chain Attack on Security Infrastructure
WHITE TeamPCP AlienVault 2026-04-01 Modified: 2026-04-01
63
IOCs
HIGH VOLUME
Between late February and March 2026, threat group TeamPCP conducted a highly calculated, escalating sequence of supply chain threats. It systematically compromised widely trusted open-source security tools, including the vulnerability scanners Trivy and KICS and the popular AI gateway LiteLLM. The affected software also includes the official Python SDK of Telnyx.
teampcpcanisterwormcve-2025-55182supply chain attackwiper
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
CanisterWorm
Indicators of Compromise (10 / 63 total)
All IPv4 CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 46e7a5c4cf645b77f24023eef873f56f 2026-04-01
FileHash-MD5 55405de62427ac56106f0fdb1c33dedd 2026-04-01
FileHash-MD5 5870a0bf82bbdf2687d8dce89dfa668f 2026-04-01
FileHash-MD5 718c13820bff309925b5b629bbb5da2c 2026-04-01
FileHash-MD5 7646a872455dab186dc9de17f7ef0340 2026-04-01
FileHash-MD5 805c08686e755c063a0bb460bdf9dcc4 2026-04-01
FileHash-MD5 8bfefb76454efe404359831d4fe7137c 2026-04-01
FileHash-MD5 8cf49650b7a000d09e8af77c314dfdad 2026-04-01
FileHash-MD5 d761a6a7ae9f2254bd81ac234033a8b8 2026-04-01
FileHash-MD5 df43394b926e609e6ad020b157b151a1 2026-04-01
References (1)
↗ https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/