The European Commission and Mercor have both publicly disclosed breaches tied to TeamPCP. Threat actors are getting into companies' cloud infrastructure, such as AWS, Azure, and SaaS instances, by using stolen credentials and secrets obtained from supply chain attacks.
CERT-EU has confirmed that a dataset stolen from the EC appeared on the ShinyHunters leak site. Third-party cybercriminal groups are making matters harder for businesses, and it is not clear how those groups got access to the same stolen data. Experts have therefore urged businesses to deal with these growing threats quickly. The worst thing you could do is remove the malicious package while leaving the stolen credentials accessible.
By then, attackers might be able to move laterally between adjacent environments. The speed of the attack was very scary.
Ensar Seker, CISO at SOCRadar, says that "speed is the key takeaway" from the TeamPCP supply chain attacks. The attacks have gotten worse, and it looks like Lapsus$ and ShinyHunters may be involved in some way that isn't clear. TeamPCP has strengthened its partnership with Vect, a new ransomware group.
This changes the way cybersecurity works in a big way. Security teams should also check CI/CD runners, review GitHub Actions and package publishing workflows, and investigate any strange behavior in their cloud and SaaS environments. Seker says that instead of waiting, you should immediately revoke and rotate any exposed secrets, invalidate all tokens, and reissue cloud credentials. Seker says, "What we're seeing looks less like a clean handoff between separate groups and more like a convergence of cybercriminal ecosystems around the same access."
Tomer Peled of Akamai says, "TeamPCP will keep using the stolen credentials to install their RAT on as many victims as they can."
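One way to start the GitHub Actions review and secret rotation recommended above is sketched below as an added example (it is not from the article or from any vendor quoted in it). It assumes the review treats third-party actions referenced by tag or branch as mutable, and it uses a constructed sample workflow; the function names `audit_workflow` and `rotation_priority` are hypothetical.

```python
import re

# Constructed sample workflow for illustration (not from a real repository).
SAMPLE_WORKFLOW = """\
name: publish
on: [push]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scan-action@v1
      - uses: ./.github/actions/local-build
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.M)
SECRET_RE = re.compile(r"\bsecrets\.(\w+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (unpinned action refs, sorted secret names) for one workflow file."""
    unpinned = []
    for ref in USES_RE.findall(text):
        if ref.startswith("./"):
            continue  # local action, versioned with the repository itself
        if ref.startswith("docker://"):
            pinned = "@sha256:" in ref  # image pinned by digest
        else:
            # Only a full 40-hex commit SHA is immutable; tags and branches can move.
            pinned = bool(FULL_SHA_RE.match(ref.rpartition("@")[2]))
        if not pinned:
            unpinned.append(ref)
    return unpinned, sorted(set(SECRET_RE.findall(text)))

def rotation_priority(workflows):
    """Map secret name -> workflow files that reference it alongside an unpinned
    action. File-level heuristic (assumption): job boundaries are not modelled."""
    plan = {}
    for path, text in workflows.items():
        unpinned, secrets = audit_workflow(text)
        if unpinned:
            for name in secrets:
                plan.setdefault(name, []).append(path)
    return plan

if __name__ == "__main__":
    print(rotation_priority({".github/workflows/publish.yml": SAMPLE_WORKFLOW}))
```

The output is a starting inventory for rotation, not proof of exposure: secrets listed here still need to be revoked at the issuing service, since editing the workflow does not invalidate a credential that has already been read.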




