Skip to main content
Mallory
Back to threat actors
23 malware familiesExploits CVEs in the wild

TeamPCP

Also known asdeadcatx3pcpcatpersypcpshellforceTeam PCPteampcpunc6780

TeamPCP is a cybercrime threat actor, also tracked as UNC6780, associated with software supply chain compromises and developer-focused credential theft. Known aliases in the provided content include deadcatx3, pcpcat, persypcp, shellforce, team_pcp, and teampcp. The group is described as backdooring trusted open-source security and development tools to gain indirect access, and has been linked to compromises involving GitHub, Trivy, durabletask, Nx Console, @antv, LiteLLM, TanStack, and other projects. TeamPCP has also been reported as claiming responsibility for a European Commission breach after theft of a cloud key obtained via the earlier Trivy compromise. The actor’s activity centers on harvesting developer and CI/CD secrets, including cloud credentials, tokens, SSH keys, npm and PyPI publishing tokens, password manager data, Kubernetes and Vault material, and other secrets from developer workstations and pipelines. Reported initial access and propagation methods include poisoned Visual Studio Code extensions, malicious npm and PyPI package updates, abuse of valid accounts and stolen secrets, CI/CD pipeline abuse, and self-propagating malware. GitHub disclosed that a threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee developer device through a malicious VS Code extension and used stolen credentials to clone roughly 3,800 internal repositories; TeamPCP then advertised the stolen GitHub data for sale, initially seeking at least $50,000, with later reporting stating a joint sale with LAPSUS$ for $95,000. TeamPCP is closely associated with the Shai-Hulud and Mini Shai-Hulud malware campaigns. The content states TeamPCP published the full Mini Shai-Hulud source code to GitHub on May 12, 2026, and encouraged independent campaigns, which has complicated later attribution because copycat actors can reuse the tooling. TeamPCP’s malware and related campaigns are described as self-propagating and focused on software supply chain compromise. Reported TeamPCP-linked malware capabilities include credential theft from cloud providers, developer tools, password managers, SSH and Docker material; propagation through npm ecosystems, AWS SSM, Kubernetes, and CI/CD workflows; and covert command-and-control using GitHub commit messages and the GitHub Search API. Sophos linked TeamPCP activity to a Python backdoor named cat.py recovered from an affected endpoint, and described TeamPCP’s defining characteristic as backdooring trusted open-source security and development tools. The content also describes TeamPCP’s evolution from clumsy attacks against misconfigured Kubernetes clusters in September 2025 to major software supply chain attacks by February 2026. Multiple reports note that later campaigns such as Miasma and IronWorm show overlap or operational adjacency with TeamPCP tradecraft, but in several cases attribution remains uncertain because TeamPCP open-sourced Mini Shai-Hulud and related tooling. No nation-state attribution is provided in the content.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Software & Services
  • Government & Administration
MITRE ATT&CK

Tradecraft

37 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

14 of 15 tactics45 techniques×N= number of intelligence reports citing this technique
MITRE ATT&CK
TA0043
Reconnaissance
1 technique
T1589
Gather Victim Identity Information
TA0042
Resource Development
1 technique
T1588
Obtain Capabilities
T1588.001
Malware
TA0001
Initial Access
3 techniques
T1078×6
Valid Accounts
T1195×25
Supply Chain Compromise
T1195.001×9
Compromise Software Dependencies and Development Tools
T1195.002×2
Compromise Software Supply Chain
T1199
Trusted Relationship
TA0002
Execution
3 techniques
T1059
Command and Scripting Interpreter
T1204
User Execution
T1204.002×5
Malicious File
T1651
Cloud Administration Command
TA0003
Persistence
2 techniques
T1078×6
Valid Accounts
T1098
Account Manipulation
T1098.004
SSH Authorized Keys
TA0004
Privilege Escalation
3 techniques
T1078×6
Valid Accounts
T1098
Account Manipulation
T1098.004
SSH Authorized Keys
T1611
Escape to Host
TA0005
Stealth
2 techniques
T1027
Obfuscated Files or Information
T1027.003
Steganography
T1078×6
Valid Accounts
TA0006
Credential Access
4 techniques
T1528×5
Steal Application Access Token
T1552
Unsecured Credentials
T1552.005
Cloud Instance Metadata API
T1555
Credentials from Password Stores
T1649×8
Steal or Forge Authentication Certificates
TA0007
Discovery
2 techniques
T1580
Cloud Infrastructure Discovery
T1613
Container and Resource Discovery
TA0008
Lateral Movement
2 techniques
T1021
Remote Services
T1021.007
Cloud Services
T1570
Lateral Tool Transfer
TA0009
Collection
3 techniques
T1005×2
Data from Local System
T1074
Data Staged
T1213×4
Data from Information Repositories
TA0011
Command and Control
1 technique
T1008
Fallback Channels
TA0010
Exfiltration
4 techniques
T1020
Automated Exfiltration
T1041×5
Exfiltration Over C2 Channel
T1537×2
Transfer Data to Cloud Account
T1567
Exfiltration Over Web Service
T1567.001
Exfiltration to Code Repository
TA0040
Impact
4 techniques
T1485
Data Destruction
T1486×2
Data Encrypted for Impact
T1565
Data Manipulation
T1657
Financial Theft
ARSENAL

Associated malware families

23 malware families attributed to this actor across reporting.

FamilyContextEvidenceLast seen
Shai-HuludThis behavior is conceptually similar to Shai Hulud, which had its code published on GitHub recently. Although JFrog researchers did not find a clear connection between IronWorm and Shai Hulud, they observed the same commit names in both supply-chain attacks.20Jun 4, 2026
FIRESCALEHunt.io analyzes the 13-file Python toolkit TeamPCP deploys after a supply chain compromise, documenting FIRESCALE, victim-hosted exfiltration, and infrastructure pivots that prior vendor reporting missed.18May 26, 2026
mini Shai-HuludNews of the sale comes as TeamPCP's self-replicating malware campaign, known as Mini Shai-Hulud, continues to expand in reach with the compromise of durabletask, an official Microsoft Python client for the Durable Task workflow execution framework.14Jun 4, 2026
CanisterWormAutomated propagation via worming across software dependencies (T1210 / T1105). Deploying self-propagating malware (e.g., CanisterWorm) to spread through npm and developer workflows at scale | Automated propagation via worming across software dependencies ... Deploying self-propagating malware (e.g., CanisterWorm) to spread through npm and developer workflows at scale11Jun 4, 2026
MiasmaWhat is Miasma? Analysis of the compromised package versions identified a common malicious payload introduced across multiple affected releases... The payload appears to be derived from the (Mini) Shai-Hulud malware open-sourced by TeamPCP... This variant creates repositories containing the description Miasma: The Spreading Blight.7Jun 4, 2026

18 additional families tracked in Mallory.

WEAPONIZED

Associated vulnerabilities

7 CVEs this actor has used in observed campaigns. 7 of them exploited in the wild.

CVE-2026-33634Trivy supply chain compromise via malicious release and retagged GitHub ActionsIn the wildEvidence39

ownCloud published a security notice confirming their build infrastructure -- the systems producing container images and client binaries -- was affected by CVE-2026-33634 (the Trivy compromise).

CVE-2026-45321TanStack GitHub Actions Trusted Publisher Supply Chain CompromiseIn the wildEvidence8

CVE-2026-45321 describes a chained exploitation of three weaknesses in TanStack’s GitHub Actions CI/CD configuration... The result was 84 malicious package versions published across 42 TanStack packages in under six minutes, all carrying valid SLSA Build Level 3 provenance attestations from Sigstore.

CVE-2025-55182React2ShellIn the wildEvidence7

On December 19th 2025, Rubrik Zero Labs published PCPcat Campaign: Large-Scale Exploitation of React2Shell CVE and Cloud Infrastructure, detailing a campaign where TeamPCP weaponised CVE-2025-55182 (React2Shell) alongside exposed Docker APIs, Redis servers, Kubernetes clusters, and Ray AI dashboards.

CVE-2025-29927Next.js Middleware Authorization BypassIn the wildEvidence5

Analysis of react.py This script is clearly set to exploit CVE-2025-29927, also known as React2Shell. ... This script implements a fully automated React/Next.js exploitation pipeline centered on abusing CVE-2025-29927 to achieve remote command execution at scale.

CVE-2024-3400Unauthenticated RCE in Palo Alto PAN-OS GlobalProtectIn the wildEvidence1

Volexity observed .pth abuse in CVE-2024-3400 exploitation.

2 more CVEs tied to this actor tracked in Mallory.

IOCS

Observables

518 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

518 IOCsView more in app

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

20 SOURCESView more in app
phoenix security blogNews
Jun 4, 2026
npm Supply Chain Worm IronWorm: Rust, eBPF Rootkit, Tor C2

Mentioned as a lineage/context threat cluster associated with Shai-Hulud-style npm worm activity targeting CI/CD and software supply chains; no confirmed identity overlap with IronWorm is established in the content.

Read more
the record mediaNews
Jun 4, 2026
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | The Record from Recorded Future News

Cybercrime group linked in the content to breaching thousands of GitHub internal repositories via a poisoned VS Code extension.

Read more
dark readingNews
Jun 4, 2026
Rust-Written IronWorm Hits NPM Supply Chain

Cybercrime group linked to software supply chain compromises, including compromising Trivy and other projects to deploy infostealers aimed at stealing cloud credentials, tokens, SSH keys, and CI/CD secrets.

Read more
ox security blogNews
Jun 2, 2026
Six Stages and an Endless Loop: Shai-Hulud Gets Sophisticated

Referenced as a distinct previously attributed actor for comparison; its malware is described as more straightforward and less heavily obfuscated than the current Shai-Hulud/Miasma supply-chain campaign.

Read more
+196 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping37

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal23

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs7

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables518

Domains, IPs, and hashes tied to this actor, refreshed continuously.