1. Threat Overview
TeamPCP is a supply chain campaign that spans multiple package ecosystems as well as GitHub, and has been observed trojanizing a Microsoft-published Python SDK. The actor behind it appears to have open-sourced its own framework on GitHub. The campaign poses a significant risk to users of the affected packages: a trojanized SDK runs with the full privileges of every application that imports it, so a single poisoned dependency compromises every build and deployment that pulls it in.
2. Key Intelligence Points
1. TeamPCP operates across three package ecosystems in parallel, GitHub among them.
2. The actor has been observed trojanizing a Microsoft-published Python SDK.
3. TeamPCP has open-sourced its own framework on GitHub.
4. Detection opportunities include dependencies that a package did not previously declare, and code modifications in GitHub repositories or in installed package trees that do not match the published release.
3. MITRE ATT&CK Techniques
T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools. The campaign delivers a trojanized Python SDK through package ecosystems so that developers pull the malicious code in as a dependency. The malware is described as stealing sensitive information from the victim's system; the brief gives no further detail on the collection or exfiltration methods used.
4. Indicators of Compromise (IOCs) / Affected Systems
No concrete indicators (file hashes, package names, version numbers, repository URLs) are given in this brief. Indicator categories to collect and hunt on: the TeamPCP framework repository on GitHub, the GitHub repository names associated with the campaign, and the affected versions of the trojanized Microsoft-published Python SDK, which the brief does not identify.
5. Mitigation & Detection
Users should review their dependency manifests and lockfiles for the affected packages. Do not simply upgrade to the latest version: in a supply chain compromise the newest published release may itself be the trojanized one, so pin to a version the vendor has confirmed clean, install with hash verification (for example pip's --require-hashes with pinned sha256 digests), and rebuild any environment that may have pulled a tampered release. Developers should also scrutinize open-source code for tampering, in particular post-install modifications to installed packages and new modules or install-time hooks that the published release never contained.
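The following script is an added example, not code from this brief or from TeamPCP's published framework. It implements the detection opportunity from point 4 above (code modifications in an installed package) and supports the mitigation of verifying what is actually on disk: every installed Python distribution ships a RECORD file in its .dist-info directory listing each file with a sha256 digest (PEP 376/427 format, assumed here), so comparing that list with the filesystem reveals files altered after installation and modules that were dropped in without ever being recorded. The "example_sdk" package, its file contents and the tampering applied to it are constructed for this demonstration; the real SDK and version are not named on this page.

```python
import base64
import csv
import hashlib
import tempfile
from pathlib import Path


def record_digest(data: bytes) -> str:
    # RECORD (PEP 376/427) stores "sha256=" + urlsafe base64 of the digest with '=' padding removed
    raw = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def verify_dist_info(dist_info: Path) -> dict:
    """Compare every file listed in <pkg>.dist-info/RECORD with what is on disk.

    Returns {"modified": [...], "missing": [...], "unlisted": [...]} with paths relative
    to site-packages. 'unlisted' are .py files inside the package's own directories that
    RECORD never mentioned, i.e. modules added after installation.
    """
    site = dist_info.parent
    listed, pkg_dirs = set(), set()
    modified, missing = [], []
    with open(dist_info / "RECORD", newline="") as fh:
        for row in csv.reader(fh):
            if not row:
                continue
            rel = row[0]
            digest = row[1] if len(row) > 1 else ""
            listed.add(rel)
            first = rel.split("/", 1)[0]
            if first != dist_info.name and "/" in rel:
                pkg_dirs.add(first)  # top-level directory owned by this distribution
            if not digest:  # RECORD itself and .pyc entries carry no hash
                continue
            path = site / rel
            if not path.is_file():
                missing.append(rel)
            elif record_digest(path.read_bytes()) != digest:
                modified.append(rel)
    unlisted = []
    for d in sorted(pkg_dirs):
        for p in sorted((site / d).rglob("*.py")):
            rel = p.relative_to(site).as_posix()
            if rel not in listed:
                unlisted.append(rel)
    return {"modified": sorted(modified), "missing": sorted(missing), "unlisted": unlisted}


def verify_site_packages(site: Path) -> dict:
    """Run verify_dist_info over every *.dist-info directory under a site-packages path."""
    return {d.name: verify_dist_info(d) for d in sorted(site.glob("*.dist-info"))}


def build_constructed_site() -> Path:
    """Constructed sample: a fake 'example_sdk' install, then post-install tampering."""
    site = Path(tempfile.mkdtemp(prefix="site-packages-"))
    pkg = site / "example_sdk"
    pkg.mkdir()
    files = {
        "example_sdk/__init__.py": b"from .client import Client\n",
        "example_sdk/client.py": b"class Client:\n    def get(self, url):\n        return url\n",
    }
    for rel, data in files.items():
        (site / rel).write_bytes(data)
    dist_info = site / "example_sdk-1.0.0.dist-info"
    dist_info.mkdir()
    (dist_info / "METADATA").write_bytes(b"Name: example-sdk\nVersion: 1.0.0\n")
    rows = [[rel, record_digest(data), str(len(data))] for rel, data in files.items()]
    meta = (dist_info / "METADATA").read_bytes()
    rows.append([f"{dist_info.name}/METADATA", record_digest(meta), str(len(meta))])
    rows.append([f"{dist_info.name}/RECORD", "", ""])
    with open(dist_info / "RECORD", "w", newline="") as fh:
        csv.writer(fh).writerows(rows)
    # Constructed tampering: an import appended to a legitimate module plus a new, unrecorded module
    (pkg / "client.py").write_bytes(files["example_sdk/client.py"] + b"import example_sdk.collector\n")
    (pkg / "collector.py").write_bytes(b"import os\nFOUND = [k for k in os.environ if 'TOKEN' in k]\n")
    return site


def demo() -> dict:
    """Verify the constructed install; returns the findings for example_sdk."""
    return verify_site_packages(build_constructed_site())["example_sdk-1.0.0.dist-info"]


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths or '-'}")
```

Point verify_site_packages at a real site-packages directory (for example the output of `python -c "import sysconfig; print(sysconfig.get_paths()['purelib'])"`) to audit a live environment. Note what this check cannot do: a package that was trojanized before it was published has a RECORD that matches its own malicious contents, so on-disk verification catches post-install tampering only; catching a poisoned release requires comparing the installed digests against hashes pinned from a version the vendor has confirmed clean.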