TeamPCP
Cybercrime Financial Dormant
- Mentions
- 6
- First seen
- 21 May 2026
- Last seen
- 08 Jun 2026
Relevant to you · Relevant
- Threat focus:
- supply chain
Origin
Unattributed
Sources
inferred Confidence medium
Profile
TeamPCP is a threat group known for large-scale supply chain attacks on open source ecosystems. They target package managers like npm and PyPI to inject malicious code into widely used libraries. The campaign involves container escape techniques and is documented under the name 'Mini Shai-Hulud'. Their activities have been observed through mid-2026 and pose a significant risk to the software supply chain.
Affected vendors
MicrosoftNx (nrwl)PyPIGitHubNpmGrafana LabsOpenAIMistral AINx ConsoleDockerKubernetesCheckmarx
Targeted sectors
supply chainContainerized EnvironmentsSoftware Supply ChainSoftwareentwicklungInformationstechnologie
Targeted regions
Global
Associated malware / tools
Mini Shai-Hulud
Linked CVEs
- CVE-2026-45321 KEV CVSS 9.6 EPSS 17%
Activity (8 weeks)
Recent activity
- TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th) SANS Internet Storm Center, InfoCON: green
- Containers on fire: from container escapes to supply chain attacks Securelist
- TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th) SANS Internet Storm Center, InfoCON: green
- TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th) SANS Internet Storm Center, InfoCON: green
- Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign Tenable Blog
- A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale Security Latest