AWS is the primary target environment in the TeamPCP supply chain campaign, with European Commission AWS accounts confirmed breached via stolen CI/CD credentials traced to a Trivy supply-chain compromise. Attackers created covert IAM access keys for persistence and exfiltrated data from cloud storage; ShinyHunters subsequently published the dataset externally. Organizations should immediately audit IAM for unrecognized access keys, rotate all CI/CD cloud credentials, and query CloudTrail for CreateAccessKey and cross-account AssumeRole events from pipeline contexts.