TeamPCP's supply chain attack on Aqua Security's Trivy scanner led to credential theft across npm, PyPI, and GitHub Actions, compromising millions of downloads.

The New Stack is a publication covering trends and technologies in cloud-native development, DevOps, and software delivery. Developers can learn about containerization, Kubernetes, and cloud computing, as well as explore topics such as microservices architecture, serverless computing, and continuous integration/continuous delivery (CI/CD) pipelines.

The New Stack

TeamPCP, a threat actor group, executed a sophisticated multi-stage supply chain attack starting with Aqua Security's Trivy vulnerability scanner. By exploiting a GitHub Actions misconfiguration, they stole credentials, trojanized Trivy binaries and actions, and spread malware across npm packages via a self-propagating worm called CanisterWorm. The attack chain compromised CI/CD pipelines across millions of developer environments, stealing cloud credentials, SSH keys, Kubernetes tokens, and more. The group claims to have obtained 300 GB of compressed credentials from projects downloaded over 100 million times monthly. Security experts recommend rotating all credentials, pinning GitHub Actions to commit SHAs instead of tags, and treating security tools as versioned dependencies with checksum verification.

How TeamPCP turned Aqua Security’s own Trivy scanner into a weapon against millions of developers