1. Threat Overview
TeamPCP is a supply chain campaign that has compromised three package ecosystems, including GitHub, and has trojanized a Microsoft-published Python SDK. The threat actor has also open-sourced its own framework on GitHub. This campaign poses a significant risk to developers and users of affected packages.
2. Key Intelligence Points
1. TeamPCP operates across three package ecosystems in parallel, including GitHub.
2. The threat actor has trojanized an officially Microsoft-published Python SDK.
3. TeamPCP has open-sourced its own framework on GitHub.
4. Detection opportunity: monitor for suspicious activity in GitHub repositories and Python SDK updates.
3. MITRE ATT&CK Techniques
T1190: Spyware - TeamPCP uses spyware to gather information from compromised systems
T1566.001: Spearphishing Attachment - TeamPCP uses spearphishing to distribute its malware
Note: in the MITRE ATT&CK knowledge base, technique T1190 is catalogued as "Exploit Public-Facing Application", not "Spyware"; verify these mappings against the current ATT&CK matrix before reusing them in detection content.
4. Indicators of Compromise (IOCs) / Affected Systems
- GitHub repository names, e.g. 'teampcp-framework', 'trojanized-python-sdk'
- Affected Python SDK versions, e.g. 'python-sdk-1.0.0'
- TeamPCP framework hashes, e.g. 'sha256:1234567890abcdef'
5. Mitigation & Detection
Developers should monitor the GitHub repositories and Python SDK releases they depend on for suspicious activity, and apply vendor patches or updates as soon as they become available.
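As an added example (not part of this advisory), the following Python check applies the mitigation above mechanically: each installed distribution is compared against a hash-pinned allowlist and against a blocklist of known-bad artifact hashes such as the IOC hashes a campaign report publishes. Package names, versions and artifact bytes are constructed placeholders.

```python
"""Verify installed Python distributions against pinned hashes and IOC hashes.
Added illustration; all package names, versions and bytes are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass
class Finding:
    package: str
    version: str
    reason: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifacts standing in for a genuine and a trojanized SDK build.
GOOD_ARTIFACT = b"constructed: example-sdk 1.0.0 genuine build"
BAD_ARTIFACT = b"constructed: example-sdk 1.0.0 trojanized build"

# Allowlist: package -> {version: expected sha256}, the same data a
# hash-pinned requirements file carries.
PINNED = {"example-sdk": {"1.0.0": sha256_hex(GOOD_ARTIFACT)}}

# Blocklist of artifact hashes published as IOCs (constructed here).
KNOWN_BAD = {sha256_hex(BAD_ARTIFACT)}


def check_installed(installed):
    """installed: iterable of (name, version, artifact_bytes).
    Returns a list of Finding; an empty list means every package matched."""
    findings = []
    for name, version, artifact in installed:
        digest = sha256_hex(artifact)
        if digest in KNOWN_BAD:
            findings.append(Finding(name, version, "artifact hash matches a known-bad IOC"))
            continue
        pins = PINNED.get(name)
        if pins is None:
            findings.append(Finding(name, version, "package not in pinned allowlist"))
        elif version not in pins:
            findings.append(Finding(name, version, "version not pinned; unexpected update"))
        elif pins[version] != digest:
            findings.append(Finding(name, version, "hash mismatch against pin; possible trojanized build"))
    return findings


if __name__ == "__main__":
    for f in check_installed([("example-sdk", "1.0.0", BAD_ARTIFACT)]):
        print(f"{f.package}=={f.version}: {f.reason}")
```

In practice the artifact bytes come from the downloaded wheel or sdist, and the pins from a lockfile generated with hash pinning; the check then fails the build on any finding.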