TeamPCP Supply Chain Campaign: Security Scanners Weaponized

Type	Value	Enrichment	Context	Conf.
⌘DOMAIN	`Pending -- refer to source report for published domains`	VT US	No specific IOCs have been published in available source data for the TeamPCP campaign as of the report date. Monitor threat intelligence feeds for future IOC releases.	LOW

The TeamPCP group is reported to be compromising organizations by weaponizing security scanning tools integrated into CI/CD pipelines, turning a defensive control into an entry point. Post-compromise activity has been observed to include cloud environment enumeration, indicating attackers move beyond the build pipeline into broader infrastructure. Organizations running security scanners in automated pipelines face elevated risk of supply chain compromise, credential theft, and cloud resource exposure; campaign activity is ongoing.

Author

TeamPCP Supply Chain Campaign: Security Scanners Weaponized in CI/CD Pipeline Attacks with Confirmed Victim and Cloud Enumeration

Executive Summary

Impact Assessment

Exposure Analysis

Are You Exposed?

Business Context

Business Impact

Technical Analysis

Action Checklist IR ENRICHED

Recovery Guidance

Key Forensic Artifacts

Detection Guidance

Indicators of Compromise (1)

Platform Playbooks

MITRE ATT&CK Hunting Queries (3)

Falcon API IOC Import Payload (1 indicators)

Compliance Framework Mappings

MITRE ATT&CK Mapping

Sources (5)

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company