
TeamPCP Supply Chain Attacks
TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

Cyber resilience depends not only on the strength of an organization’s own planning and defenses, but also on that of its partners. Attackers are increasingly capitalizing on risks that come from supply chains. If a given target proves difficult to infiltrate, attackers may look to other companies and organizations connected to it. Supply chain attacks vary in sophistication and execution. They can range from compromising email accounts at partner companies to stealing code-signing certificates to infiltrating continuous integration and continuous delivery (CI/CD) software development pipelines. Organizations can vet their partners using questionnaires and surveys, but the day-to-day security of a partner can be largely unknown. However, there are sources of cyber threat intelligence (CTI) that can provide advance warning of cybercriminals targeting partners and allow crucial time to make a risk evaluation. The following white paper explores a few of the most notable supply chain attacks and discusses how CTI can be operationalized to reduce risk, from monitoring malware indicators to exposed credentials to software vulnerabilities.


An Iranian-aligned threat group conducting destructive and espionage-focused cyber operations against organizations in Israel and Western countries.

CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.