Live Cybersecurity News Ticker | Codekeeper

Ransomware Gang Teams Up With Supply Chain Hackers in "Industrialized" Attack Model

Written by Content Team | Jul 3, 2026 8:51:29 PM

Cybersecurity firm Sophos is warning of a dangerous new partnership between ransomware group Vect and TeamPCP, a credential-theft gang tied to the English-speaking Com collective. The collaboration, detailed in a July 2 blog post, combines TeamPCP's large-scale supply chain attacks with Vect's ransomware-as-a-service operation.

The threat is real — Sophos confirmed at least one Vect ransomware deployment using TeamPCP-stolen credentials. In March 2026, TeamPCP compromised 10,000 CI/CD workflows and stole over 500,000 login credentials via Aqua Security's Trivy scanner. The FBI issued a simultaneous FLASH warning, flagging TeamPCP malware including CanisterWorm, Sandclock, and the self-replicating worm Mini Shai-Hulud.

Source: Infosecurity Magazine