Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure

    Date: 04/01/2026

    Severity: High

    Summary

    Between late February and March 2026, TeamPCP launched a calculated series of escalating supply chain attacks. They compromised trusted open-source security tools like Trivy, KICS, and the AI gateway LiteLLM. The campaign also targeted the official Python SDK of Telnyx. Malicious infostealer payloads were injected into GitHub Actions and PyPI registries. When triggered in automated workflows, the malware exfiltrates sensitive data such as cloud tokens, SSH keys, and Kubernetes secrets. These attacks also create persistent backdoors, enabling lateral movement across affected systems.

    Indicators of Compromise (IOC) List

    Domains / URLs:

    checkmarx.zone

    models.litellm.cloud

    scan.aquasecurtiy.org

    tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io

    championships-peoples-point-cassette.trycloudflare.com

    create-sensitivity-grad-sequence.trycloudflare.com

    investigation-launches-hearings-copying.trycloudflare.com

    plug-tab-protective-relay.trycloudflare.com

    souls-entire-defined-routes.trycloudflare.com

    IP Addresses:

    23.142.184.129

    45.148.10.212

    63.251.162.11

    83.142.209.11

    83.142.209.203

    195.5.171.242

    209.34.235.18

    212.71.124.188

    Hashes (SHA-256):

    30015DD1E2CF4DBD49FFF9DDEF2AD4622DA2E60E5C0B6228595325532E948F14

    41C4F2F37C0B257D1E20FE167F2098DA9D2E0A939B09ED3F63BC4FE010F8365C

    D8CAF4581C9F0000C7568D78FB7D2E595AB36134E2346297D78615942CBBD727

    0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349

    0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a

    0c6a3555c4eb49f240d7e0e3edbfbb3c900f123033b4f6e99ac3724b9b76278f

    18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a

    1e559c51f19972e96fcc5a92d710732159cdae72f407864607a513b20729decb

    5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956

    61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba

    6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538

    7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9

    7b5cc85e82249b0c452c66563edca498ce9d0c70badef04ab2c52acef4d629ca

    7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7

    822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0

    887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073

    bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7

    c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926

    cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3

    d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c

    e4edd126e139493d2721d50c3a8c49d3a23ad7766d0b90bc45979ba675f35fea

    e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243

    e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf

    e87a55d3ba1c47e84207678b88cacb631a32d0cb3798610e7ef2d15307303c49

    e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b

    ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c

    f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152

    f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d

    Filenames:

    kamikaze.sh

    kube.py

    prop.py

    proxy_server.py

    tpcp.tar.gz

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "scan.aquasecurtiy.org" or url like "scan.aquasecurtiy.org" or siteurl like "scan.aquasecurtiy.org" or domainname like "create-sensitivity-grad-sequence.trycloudflare.com" or url like "create-sensitivity-grad-sequence.trycloudflare.com" or siteurl like "create-sensitivity-grad-sequence.trycloudflare.com" or domainname like "models.litellm.cloud" or url like "models.litellm.cloud" or siteurl like "models.litellm.cloud" or domainname like "checkmarx.zone" or url like "checkmarx.zone" or siteurl like "checkmarx.zone" or domainname like "plug-tab-protective-relay.trycloudflare.com" or url like "plug-tab-protective-relay.trycloudflare.com" or siteurl like "plug-tab-protective-relay.trycloudflare.com" or domainname like "souls-entire-defined-routes.trycloudflare.com" or url like "souls-entire-defined-routes.trycloudflare.com" or siteurl like "souls-entire-defined-routes.trycloudflare.com" or domainname like "championships-peoples-point-cassette.trycloudflare.com" or url like "championships-peoples-point-cassette.trycloudflare.com" or siteurl like "championships-peoples-point-cassette.trycloudflare.com" or domainname like "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io" or url like "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io" or siteurl like "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io" or domainname like "investigation-launches-hearings-copying.trycloudflare.com" or url like "investigation-launches-hearings-copying.trycloudflare.com" or siteurl like "investigation-launches-hearings-copying.trycloudflare.com"

    Detection Query 2 :

    dstipaddress IN ("45.148.10.212","83.142.209.203","83.142.209.11","23.142.184.129","63.251.162.11","195.5.171.242","209.34.235.18","212.71.124.188") or srcipaddress IN ("45.148.10.212","83.142.209.203","83.142.209.11","23.142.184.129","63.251.162.11","195.5.171.242","209.34.235.18","212.71.124.188")

    Detection Query 3 :

    sha256hash IN ("822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0","7b5cc85e82249b0c452c66563edca498ce9d0c70badef04ab2c52acef4d629ca","61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba","e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b","6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538","e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf","5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956","7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7","f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d","0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349","e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243","c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926","0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a","7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9","f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152","18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a","cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3","30015DD1E2CF4DBD49FFF9DDEF2AD4622DA2E60E5C0B6228595325532E948F14","41C4F2F37C0B257D1E20FE167F2098DA9D2E0A939B09ED3F63BC4FE010F8365C","D8CAF4581C9F0000C7568D78FB7D2E595AB36134E2346297D78615942CBBD727","0c6a3555c4eb49f240d7e0e3edbfbb3c900f123033b4f6e99ac3724b9b76278f","887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073","bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7","d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c","e4edd126e139493d2721d50c3a8c49d3a23ad7766d0b90bc45979ba675f35fea","e87a55d3ba1c47e84207678b88cacb631a32d0cb3798610e7ef2d15307303c49","ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c","1e559c51f19972e96fcc5a92d710732159cdae72f407864607a513b20729decb")

    Detection Query 4 :

    resourcename = "Windows Security" and eventtype = "4663" and objectname In ("kamikaze.sh","kube.py","prop.py","proxy_server.py","tpcp.tar.gz")

    Detection Query 5 :

    technologygroup = "EDR" and objectname In ("kamikaze.sh","kube.py","prop.py","proxy_server.py","tpcp.tar.gz")
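The five TDIR queries above are written for Gurucul's query language. As an added example that is not part of this advisory or of Gurucul's product, the Python below re-implements the same five checks over the advisory's own IOC sets and runs them against a few constructed key=value log lines, so the matching logic can be dry-run before equivalent rules go into any SIEM. It goes slightly beyond the literal queries: it extracts the hostname from a full URL, matches filenames on the last path component (so a full path in an EDR event or a Windows 4663 object-access event still matches), and lowercases hashes so the three uppercase entries in the list match regardless of how the hash was logged. The field names (domainname, url, siteurl, srcipaddress, dstipaddress, sha256hash, objectname, resourcename, eventtype, technologygroup) are taken from the queries; the log-line format and all sample values are constructed.

```python
"""Offline IOC matcher for the TeamPCP indicators in this advisory.

Added example; not part of the advisory or of Gurucul's TDIR product. It mirrors
the five detection queries above in plain Python for dry runs on sample logs.
"""
import re
from typing import Dict, List, Tuple

# Indicator sets copied from the advisory's IOC list.
IOC_DOMAINS = frozenset({
    "checkmarx.zone", "models.litellm.cloud",
    "scan.aquasecurtiy.org",  # spelled exactly as the advisory lists it
    "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io",
    "championships-peoples-point-cassette.trycloudflare.com",
    "create-sensitivity-grad-sequence.trycloudflare.com",
    "investigation-launches-hearings-copying.trycloudflare.com",
    "plug-tab-protective-relay.trycloudflare.com",
    "souls-entire-defined-routes.trycloudflare.com",
})
IOC_IPS = frozenset({
    "23.142.184.129", "45.148.10.212", "63.251.162.11", "83.142.209.11",
    "83.142.209.203", "195.5.171.242", "209.34.235.18", "212.71.124.188",
})
# Three hashes appear in uppercase on the page; lowercase the whole set once so a
# hash logged in either case still matches.
IOC_SHA256 = frozenset(h.lower() for h in """
30015DD1E2CF4DBD49FFF9DDEF2AD4622DA2E60E5C0B6228595325532E948F14 41C4F2F37C0B257D1E20FE167F2098DA9D2E0A939B09ED3F63BC4FE010F8365C
D8CAF4581C9F0000C7568D78FB7D2E595AB36134E2346297D78615942CBBD727 0880819ef821cff918960a39c1c1aada55a5593c61c608ea9215da858a86e349
0c0d206d5e68c0cf64d57ffa8bc5b1dad54f2dda52f24e96e02e237498cb9c3a 0c6a3555c4eb49f240d7e0e3edbfbb3c900f123033b4f6e99ac3724b9b76278f
18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a 1e559c51f19972e96fcc5a92d710732159cdae72f407864607a513b20729decb
5e2ba7c4c53fa6e0cef58011acdd50682cf83fb7b989712d2fcf1b5173bad956 61ff00a81b19624adaad425b9129ba2f312f4ab76fb5ddc2c628a5037d31a4ba
6328a34b26a63423b555a61f89a6a0525a534e9c88584c815d937910f1ddd538 7321caa303fe96ded0492c747d2f353c4f7d17185656fe292ab0a59e2bd0b8d9
7b5cc85e82249b0c452c66563edca498ce9d0c70badef04ab2c52acef4d629ca 7df6cef7ab9aae2ea08f2f872f6456b5d51d896ddda907a238cd6668ccdc4bb7
822dd269ec10459572dfaaefe163dae693c344249a0161953f0d5cdd110bd2a0 887e1f5b5b50162a60bd03b66269e0ae545d0aef0583c1c5b00972152ad7e073
bef7e2c5a92c4fa4af17791efc1e46311c0f304796f1172fce192f5efc40f5d7 c37c0ae9641d2e5329fcdee847a756bf1140fdb7f0b7c78a40fdc39055e7d926
cd08115806662469bbedec4b03f8427b97c8a4b3bc1442dc18b72b4e19395fe3 d5edd791021b966fb6af0ace09319ace7b97d6642363ef27b3d5056ca654a94c
e4edd126e139493d2721d50c3a8c49d3a23ad7766d0b90bc45979ba675f35fea e6310d8a003d7ac101a6b1cd39ff6c6a88ee454b767c1bdce143e04bc1113243
e64e152afe2c722d750f10259626f357cdea40420c5eedae37969fbf13abbecf e87a55d3ba1c47e84207678b88cacb631a32d0cb3798610e7ef2d15307303c49
e9b1e069efc778c1e77fb3f5fcc3bd3580bbc810604cbf4347897ddb4b8c163b ecce7ae5ffc9f57bb70efd3ea136a2923f701334a8cd47d4fbf01a97fd22859c
f398f06eefcd3558c38820a397e3193856e4e6e7c67f81ecc8e533275284b152 f7084b0229dce605ccc5506b14acd4d954a496da4b6134a294844ca8d601970d
""".split())
IOC_FILENAMES = frozenset({"kamikaze.sh", "kube.py", "prop.py",
                           "proxy_server.py", "tpcp.tar.gz"})

# key=value or key="quoted value" pairs: the shape of the constructed log lines below.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv_line(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a field dictionary."""
    return {key: quoted or bare for key, quoted, bare in _KV_RE.findall(line)}

def host_of(value: str) -> str:
    """Lowercase hostname of a URL or bare domain: "https://a.b:443/x" -> "a.b"."""
    v = value.strip().lower()
    v = v.split("://", 1)[1] if "://" in v else v
    return v.split("/", 1)[0].split(":", 1)[0]

def basename(path: str) -> str:
    """Last path component; EDR and Windows logs usually carry a full path, with either separator."""
    return re.split(r"[\\/]", path.strip())[-1].lower()

def match_record(rec: Dict[str, str]) -> List[str]:
    """Return the IOC hits for one parsed record, tagged with the advisory query each corresponds to."""
    hits: List[str] = []
    for field in ("domainname", "url", "siteurl"):            # Detection Query 1
        host = host_of(rec.get(field, ""))
        if host in IOC_DOMAINS:
            hits.append(f"Q1:{field}={host}")
    for field in ("dstipaddress", "srcipaddress"):            # Detection Query 2
        if rec.get(field) in IOC_IPS:
            hits.append(f"Q2:{field}={rec[field]}")
    digest = rec.get("sha256hash", "").lower()
    if digest in IOC_SHA256:                                  # Detection Query 3
        hits.append(f"Q3:sha256hash={digest}")
    name = basename(rec.get("objectname", ""))
    if name in IOC_FILENAMES:
        if rec.get("resourcename") == "Windows Security" and rec.get("eventtype") == "4663":
            hits.append(f"Q4:objectname={name}")              # Detection Query 4
        if rec.get("technologygroup") == "EDR":
            hits.append(f"Q5:objectname={name}")              # Detection Query 5
    return hits

# Constructed sample log lines for a dry run; not real telemetry from the campaign.
SAMPLE_LOGS = [
    'technologygroup=Proxy srcipaddress=10.20.30.40 url="https://scan.aquasecurtiy.org/v1/trivy.tar.gz"',
    'technologygroup=Firewall srcipaddress=10.20.30.41 dstipaddress=45.148.10.212 dstport=443',
    'technologygroup=EDR sha256hash=30015dd1e2cf4dbd49fff9ddef2ad4622da2e60e5c0b6228595325532e948f14 objectname="/tmp/tpcp.tar.gz"',
    'resourcename="Windows Security" eventtype=4663 objectname="C:\\Users\\ci\\Downloads\\kube.py"',
    'technologygroup=Proxy srcipaddress=10.20.30.42 url="https://pypi.org/simple/litellm/"',
]

def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Run every line through the matcher and return (line index, hits) for the lines that hit."""
    results = []
    for index, line in enumerate(lines):
        hits = match_record(parse_kv_line(line))
        if hits:
            results.append((index, hits))
    return results
```

Calling scan(SAMPLE_LOGS) reports the first four lines with their query tags and nothing for the last one: the benign PyPI fetch is included to show that a hostname merely containing "litellm" does not fire, only the exact hostnames the advisory lists. The third line hits twice (Query 3 on the hash and Query 5 on the filename), which is the behaviour a SIEM would show when the two queries run side by side.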

    Reference:

    https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/


    Tags

    Malware, AI, Threat Actor, Supply chain attack, Python, Infostealer, LLMs, Backdoor
