Cybersecurity firm Sophos is warning of a dangerous new partnership between ransomware group Vect and TeamPCP, a credential-theft gang tied to the English-speaking Com collective. The collaboration, detailed in a July 2 blog post, combines TeamPCP's large-scale supply chain attacks with Vect's ransomware-as-a-service operation.
The threat is real — Sophos confirmed at least one Vect ransomware deployment using TeamPCP-stolen credentials. In March 2026, TeamPCP compromised 10,000 CI/CD workflows and stole over 500,000 login credentials via Aqua Security's Trivy scanner. The FBI issued a simultaneous FLASH warning, flagging TeamPCP malware including CanisterWorm, Sandclock, and the self-replicating worm Mini Shai-Hulud.
Source: Infosecurity Magazine