
TeamPCP Hackers Launch Massive Supply Chain Attack Across Open Source Ecosystem

TeamPCP hacks major platforms like Docker Hub, VS Code, NPM; steals 300GB data, partners with Lapsus$ extortion group.
Content Team

The TeamPCP hacking group has executed a sweeping supply chain attack targeting major open source platforms including Docker Hub, VS Code, NPM, and PyPI. Starting with Aqua Security's Trivy scanner in February, the hackers compromised access tokens and expanded to hit over 64 NPM packages, Checkmarx's VS Code plugins (36,000+ downloads), and the LiteLLM Python library (95 million monthly downloads).

The attacks used sophisticated techniques like modified GitHub Action tags and malicious package versions to steal credentials from over 500,000 infected machines, exfiltrating approximately 300GB of data. TeamPCP has now partnered with the notorious Lapsus$ extortion group for monetization, openly boasting about their operations on Telegram and threatening to steal "terabytes of trade secrets."

Organizations using affected tools should immediately rotate all credentials and rebuild systems from clean states.

Source: Security Week
