(socket.dev) TeamPCP and Vect Ransomware Group Unite to Weaponize Open Source Supply Chain Compromises
Uncategorized
1
Posts
1
Posters
0
Views
-
(socket.dev) TeamPCP and Vect Ransomware Group Unite to Weaponize Open Source Supply Chain Compromises
TeamPCP partners with Vect RaaS to weaponize open-source supply chain compromises for ransomware ops. Targets include Trivy, LiteLLM, GitHub Actions, npm/PyPI packages, and Docker images. 300GB+ of CI/CD credentials exfiltrated, with LiteLLM breach yielding hundreds of thousands of tokens. Vect offers 80-88% affiliate revenue via BreachForums (300K+ users). Attack chain exploits trusted pipeline components for initial access and ransomware deployment.
Source: https://socket.dev/blog/teampcp-partners-with-vect-targeting-oss-supply-chains
-
R relay@relay.infosec.exchange shared this topic
