TeamPCP's Supply Chain Campaign Shows No Signs of Slowing Down
The threat actor known as TeamPCP is having quite the week. After their initial supply chain attacks on security tools like Trivy and KICS made headlines, they’ve now set their sights on the Telnyx Python package – and their methods are getting more creative.
Hidden Malware in Audio Files
What caught my attention about this latest attack is how TeamPCP concealed their credential stealer inside a WAV audio file. They pushed two malicious versions of the legitimate Telnyx package (4.87.1 and 4.87.2) to PyPI on March 27th, embedding their payload in what appears to be an innocent audio file.
This technique isn’t entirely new, but it’s a reminder of how attackers continue to find clever ways to hide malicious code in plain sight. When developers install what they think is a routine package update, they’re actually downloading and potentially executing malware disguised as multimedia content.
The TeamPCP Supply Chain Campaign update from SANS indicates this is far from over. We’re seeing a coordinated, ongoing effort that’s targeting multiple aspects of the software development ecosystem.
Developers Under Fire from Multiple Angles
Speaking of targeting developers, there’s another campaign running parallel that’s worth noting. Attackers are now posting fake Visual Studio Code security alerts in GitHub Discussions across various projects. These aren’t just random spam posts – they’re carefully crafted to look like legitimate security warnings that would naturally grab a developer’s attention.
The beauty (from an attacker’s perspective) of using GitHub Discussions is that it provides a trusted platform where developers already spend time. When you see a security alert posted in a project you’re following, your first instinct is probably to take it seriously, not to scrutinize whether it’s legitimate.
This multi-vector approach targeting developers makes sense when you think about it. We’re the ones with access to source code, production systems, and package repositories. Compromise a developer’s machine or accounts, and you potentially gain access to entire software supply chains.
Business Platforms Aren’t Safe Either
The attack surface isn’t limited to development tools. Push Security recently uncovered an AiTM (Adversary-in-the-Middle) phishing campaign specifically targeting TikTok for Business accounts. The attackers are using both Google and TikTok-themed login pages to harvest credentials.
This highlights something we often see in our industry – as new business platforms gain popularity, they quickly become targets. TikTok for Business has grown significantly, and with that growth comes increased attention from threat actors looking to compromise business accounts for fraud or further attacks.
The Physical World Connection
One story that really drives home the broader implications of poor security practices involves compromised IP cameras being used in actual warfare. According to Dark Reading’s report, countries including Russia, Iran, Israel, Ukraine, and the United States are all exploiting internet-connected cameras to gain intelligence inside adversaries’ borders.
This isn’t just theoretical anymore – we’re seeing real-world consequences of devices that were deployed without proper security considerations. Every poorly secured camera potentially becomes an intelligence asset for hostile actors.
What This Means for Our Work
These incidents paint a picture of attackers who are diversifying their approaches and getting more sophisticated in their targeting. The TeamPCP campaign alone shows us supply chain attacks moving beyond just typosquatting or dependency confusion to more advanced techniques like steganography.
For those of us responsible for securing development environments, we need to be thinking about multiple layers of protection. Package verification, developer workstation security, and awareness training all become critical components of a defense strategy.
The GitHub Discussions attack is particularly concerning because it exploits trust within platforms our teams use daily. We can’t just focus on technical controls – we need to ensure our developers understand that even trusted platforms can be vectors for malicious content.
Looking Ahead
The fact that SANS is tracking the TeamPCP campaign with regular updates tells us this isn’t a one-and-done attack. We’re likely to see more variations and targets as this group continues their operations.
What worries me most is the combination of technical sophistication (hiding payloads in WAV files) with social engineering tactics (fake security alerts). This suggests we’re dealing with well-resourced actors who understand both the technical and human elements of successful attacks.
Keep an eye on your package dependencies, especially if you’re using any of the previously compromised packages or their dependencies. And maybe it’s time for another conversation with your development teams about verifying security alerts before clicking through to external sites.
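Two checks that follow from the Telnyx incident above and from the advice to watch your dependencies, written as an added example (not code from the original post, Telnyx, or PyPI): flag exact pins of the two compromised releases the post names, and flag multimedia files shipped inside a package distribution, since a WAV file is how the post says the payload was hidden. The requirements text and the wheel member list are constructed sample input, and the media-suffix list is my own assumption about what an API client package should never contain.

```python
import re

# Package name -> versions the post reports as malicious (telnyx 4.87.1, 4.87.2).
KNOWN_BAD = {"telnyx": {"4.87.1", "4.87.2"}}

# Assumed list of multimedia suffixes with no business inside an API client
# package; the post reports a .wav file being used to conceal the stealer.
MEDIA_SUFFIXES = (".wav", ".mp3", ".ogg", ".flac", ".mp4")

# Matches 'name==version' pins; trailing comments and markers are ignored.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'Telnyx' and 'telnyx' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_compromised_pins(requirements_text: str) -> list[tuple[str, str]]:
    """Return (name, version) for each pinned line that matches KNOWN_BAD."""
    hits = []
    for line in requirements_text.splitlines():
        m = _PIN.match(line)
        if not m:
            continue  # comments, ranges, URLs: not an exact pin we can judge
        name, version = normalize(m.group(1)), m.group(2)
        if version in KNOWN_BAD.get(name, set()):
            hits.append((name, version))
    return hits


def suspicious_media_files(member_names: list[str]) -> list[str]:
    """Return members (e.g. ZipFile(whl).namelist()) carrying a media suffix."""
    return sorted(n for n in member_names if n.lower().endswith(MEDIA_SUFFIXES))


# Constructed sample input, not real project data.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Telnyx==4.87.2   # pulled in by a routine 'upgrade everything' run
pytest>=7
"""
SAMPLE_WHEEL_MEMBERS = [
    "telnyx/__init__.py",
    "telnyx/api_resources/call.py",
    "telnyx/_data/sample.wav",  # constructed name, stands in for the hidden payload
    "telnyx-4.87.2.dist-info/METADATA",
]
```

Run `find_compromised_pins` over `pip freeze` output in CI, and `suspicious_media_files` over the member list of each downloaded wheel before it reaches a developer workstation.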