KICS

the threat actors behind TeamPCP’s supply chain campaign are now using credentials stolen during earlier compromises to access Amazon Web Services (AWS) accounts... They rely on valid keys and trusted automation paths, allowing them to bypass authentication controls and blend into normal developer and pipeline activity.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services, enumerate infrastructure, run commands inside containers, and exfiltrate sensitive data.

The evidence suggests this is not an isolated Docker Hub incident, but part of a broader supply chain compromise affecting multiple Checkmarx distribution channels.

Docker alerted Socket to malicious images pushed to the official checkmarx/kics Docker Hub repository... attackers appear to have overwritten existing tags... Analysis of the poisoned image indicates that the bundled KICS binary was modified...

By abusing valid credentials and trusted CI/CD workflows, attackers are bypassing traditional security controls, enabling widespread access across build systems, cloud infrastructure, and customer environments.

access AWS environments, execute commands in containers... The attackers validated cloud keys... and used them to access cloud services, enumerate infrastructure, run commands inside containers...

These extensions were modified to silently download a malicious payload called mcpAddon.js from a hardcoded GitHub URL

the threat actors behind TeamPCP’s supply chain campaign are now using credentials stolen during earlier compromises to access Amazon Web Services (AWS) accounts... They rely on valid keys and trusted automation paths, allowing them to bypass authentication controls and blend into normal developer and pipeline activity.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services, enumerate infrastructure, run commands inside containers, and exfiltrate sensitive data.

the threat actors behind TeamPCP’s supply chain campaign are now using credentials stolen during earlier compromises to access Amazon Web Services (AWS) accounts... They rely on valid keys and trusted automation paths, allowing them to bypass authentication controls and blend into normal developer and pipeline activity.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services, enumerate infrastructure, run commands inside containers, and exfiltrate sensitive data.

the threat actors behind TeamPCP’s supply chain campaign are now using credentials stolen during earlier compromises to access Amazon Web Services (AWS) accounts... They rely on valid keys and trusted automation paths, allowing them to bypass authentication controls and blend into normal developer and pipeline activity.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services, enumerate infrastructure, run commands inside containers, and exfiltrate sensitive data.

It iterated through th e /proc/ directory to isolate the PIDs for the .NET runtime powering the Runner.Worker process. Because the script inherited the runner’s user privileges, it read the /proc/<pid>/mem file descriptor , mapped the memory boundaries via /proc/<pid>/maps, and ran string-matching algorithms across the heap memory segments.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services... Rotating all secrets exposed in any environment where compromised packages were installed, including cloud access keys, Secure Shell keys, and GitHub tokens.

The attackers validated cloud keys taken from the Trivy, LiteLLM, and Checkmarx KICS compromises and used them to access cloud services, enumerate infrastructure...

using credentials stolen during earlier compromises to access Amazon Web Services (AWS) accounts, execute commands in containers... Reviewing cloud logs for unexpected Amazon Elastic Container Service Exec activity...

The malware harvests developer and cloud credentials, compresses and encrypts the results, and exfiltrates them both to an external endpoint and to threat actor-created public GitHub repositories under victim accounts.

execute commands in containers, and exfiltrate sensitive cloud data... Reviewing cloud logs for unexpected Amazon Simple Storage Service access, and Secrets Manager retrievals.