FBI: Cyber Criminal Group TeamPCP


The Federal Bureau of Investigation (FBI) is releasing this FLASH to highlight the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the cyber criminal group TeamPCP. TeamPCP actors have conducted large-scale software supply chain compromises by targeting widely used developers and security tools, gaining access to victim environments and extracting sensitive data, including but not limited to cloud access tokens, SSH keys, and Kubernetes secrets. The FBI encourages organizations to contact the FBI if they have been compromised, and to implement the actions in the Recommendations section to reduce the likelihood and impact of compromise by TeamPCP actors.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

    July 2, 2026

    Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics. The researchers at the University of Toronto’s digital rights unit The Citizen ...

  • Hackers breached DHS information-sharing network

    June 30, 2026

    A key Department of Homeland Security information-sharing database was accessed by an unknown threat actor in recent weeks, potentially exposing sensitive data exchanged between federal, state, local and industry partners, according to two people familiar with the matter. DHS investigators are probing the intrusion of the Homeland Security Information Network, said both people, who spoke on ...

  • ToddyCat: your hidden email assistant. Part 2

    June 30, 2026

    Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting ...

  • Japan: Over 14 million login credentials leaked from six ISPs in major data breach

    June 29, 2026

    A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked ...

  • ONResolver RAT Abuses TON Blockchain to Target Japan’s Hotel Industry

    June 29, 2026

    In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file ...

  • Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

    June 29, 2026

    Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...