TeamPCP Partners With Ransomware Group Vect to Target Open Source Supply Chains

TeamPCP is partnering with ransomware group Vect to turn open source supply chain attacks on tools like Trivy and LiteLLM into large-scale ransomware operations.

Sarah Gooding

March 26, 2026

3 min read


The ongoing attacks targeting Trivy, LiteLLM, and other open source security tools are entering a new phase, with claims that TeamPCP has partnered with the Vect ransomware group to leverage supply chain compromises for ransomware operations.

Posts attributed to Vect on BreachForums announced a partnership with TeamPCP, the actors behind recent cross-ecosystem supply chain attacks involving GitHub Actions, OpenVSX extensions, Docker images, and npm and PyPI packages:

Vect Ransomware Group is now partnering with TeamPCP, the operators behind the latest Trivy / LiteLLM supply chain compromises. Together, we are ready to deploy ransomware across all affected companies that got hit by these attacks, and we won't stop there.
We will pull off even bigger supply chain operations. We will chain these compromises into devastating follow-on ransomware campaigns.

Vect is an emerging ransomware-as-a-service (RaaS) operation, run as a structured affiliate model in which core developers build the ransomware and affiliates carry out attacks, earning up to 80–88% of the profits.

Image Source: International Cyber Digest

In case you're not familiar, BreachForums is one of the most prominent cybercrime forums, used as a marketplace for buying and selling stolen data, credentials, and hacking tools. It emerged as the successor to RaidForums and quickly grew to hundreds of thousands of users, becoming a central hub for monetizing breaches and coordinating activity across the underground ecosystem.

Separate reporting from International Cyber Digest indicates that TeamPCP began recruiting negotiators shortly after the Trivy compromise, suggesting rapid movement from initial access to monetization.

Leveraging Supply Chain Compromise for Ransomware Deployment

The same announcement describes a broader partnership with BreachForums, where members are offered automatic affiliation and support to participate in ransomware operations at scale.

“From this day forward, every single BreachForums member will receive their own personal Vect Affiliation Key for immediate activation.
Every single BreachForums member will become a proud Vect affiliate.
Every member with IA, and is struggling with deploying ransomware, will receive help from the Vect support team.
Just imagine what +300k Vect affiliates can do.”

By tying ransomware operations directly to the BreachForums ecosystem and distributing affiliation keys to its users, the group is dramatically expanding the pool of potential affiliates and downstream attacks.

If this plays out as they claim, the supply chain compromises will be used as the entry point for coordinated ransomware campaigns, rather than standalone data theft or token abuse.

Open Source Infrastructure Is Now a Primary Target

Ransomware groups have traditionally focused on direct enterprise access through phishing, exposed services, or credential theft.

By targeting open source security tools and CI/CD workflows, attackers gain access to systems that already sit inside enterprise environments. That access includes credentials, tokens, and visibility into internal infrastructure.

vx-underground, a long-running malware research collective that tracks threat actor activity and shares samples and analysis, described what they see as a sustained increase in targeting of open source ecosystems:

“A MASSIVE shift toward targeting open source solutions. While this isn't new, the past couple of months it's been every single day someone is targeting a supply chain via masquerading or directly targeting the open source provider.”

They point to a combination of factors driving this increase, including a shift toward higher-level languages and multi-stage tooling, which lower the barrier to building and deploying malware at scale:

“AI has assisted with the shift in the malware landscape ... toward higher level languages.”

This analysis aligns with the volume and frequency of recent incidents that we have seen affecting shared developer infrastructure.

Earlier this week, we warned that TeamPCP was systematically targeting security tools across the OSS ecosystem, using scanners and CI pipelines to harvest credentials and gain access to enterprise environments. That access is now being operationalized for follow-on attacks, with these new claims of ransomware deployment against affected organizations.

Individuals and organizations that maintain open source tools need to understand how capable and effective this group has already been at compromising the supply chain and extracting credentials at scale.

As we noted in our previous reporting, citing International Cyber Digest and corroboration from vx-underground, TeamPCP is believed to have exfiltrated roughly 300 GB of compressed credentials, including tokens and secrets harvested from CI/CD pipelines, with the LiteLLM compromise alone linked to hundreds of thousands of stolen credentials.

This puts a spotlight on anything in CI/CD environments that isn’t locked down. Security scanners, IDE extensions, build tooling, and execution environments are granted broad access because they’re expected to need it. When attackers are targeting the tools themselves, anything running in the pipeline has to be treated as a potential entry point.
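Two of the cheapest ways to shrink what a compromised pipeline component can reach are to pin every third-party action to an immutable commit SHA (so a hijacked tag or branch cannot silently swap in new code) and to grant the workflow token only the scopes it needs. The script below is an added example, not code from Socket or from any of the projects named in this post: it audits a GitHub Actions workflow for mutable action references, missing `permissions`, and write-all or write-scoped tokens. The two workflow files are constructed samples, and the 40-character SHAs in them are placeholders, not real commits.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow with the weak patterns this audit flags:
# a token that can write everything, an action pinned to a mutable tag,
# and an action pinned to a branch. (Placeholder names and SHAs.)
WEAK_WORKFLOW = """\
name: scan
on: [push, pull_request]
permissions: write-all
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@main
      - uses: actions/setup-node@abcdef0123456789abcdef0123456789abcdef01
      - run: npm ci
"""

# The same workflow with both mitigations applied: every action pinned to
# a full commit SHA (placeholders here) and the token reduced to read-only.
HARDENED_WORKFLOW = """\
name: scan
on: [push, pull_request]
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scanner-action@fedcba9876543210fedcba9876543210fedcba98
      - uses: actions/setup-node@abcdef0123456789abcdef0123456789abcdef01
      - run: npm ci
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
PERMS_RE = re.compile(r"^(\s*)permissions:\s*(.*)$")
WRITE_SCOPE_RE = re.compile(r"^\s*[\w-]+:\s*write\s*$")


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line in the workflow; 0 for file-level findings
    kind: str
    detail: str


def audit_workflow(text: str) -> list[Finding]:
    """Return findings for unpinned actions and over-broad token permissions."""
    findings: list[Finding] = []
    lines = text.splitlines()
    saw_top_level_permissions = False

    for i, line in enumerate(lines, start=1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            # Local actions and docker:// images are out of scope for SHA pinning.
            if ref.startswith("./") or ref.startswith("docker://"):
                continue
            if "@" not in ref:
                findings.append(Finding(i, "unpinned", f"{ref} has no version reference"))
                continue
            _, version = ref.rsplit("@", 1)
            if not SHA_RE.match(version):
                findings.append(Finding(i, "mutable-ref",
                                        f"{ref} is pinned to a tag or branch, not a commit SHA"))
            continue

        m = PERMS_RE.match(line)
        if m:
            indent, value = m.group(1), m.group(2).strip()
            if indent == "":
                saw_top_level_permissions = True
            if value == "write-all":
                findings.append(Finding(i, "broad-permissions",
                                        "permissions: write-all grants every scope"))
            elif value == "":
                # Block form: inspect the nested scopes until indentation returns.
                for j in range(i, len(lines)):
                    nested = lines[j]
                    if not nested.strip():
                        continue
                    if len(nested) - len(nested.lstrip()) <= len(indent):
                        break
                    if WRITE_SCOPE_RE.match(nested):
                        findings.append(Finding(j + 1, "write-scope", nested.strip()))

    if not saw_top_level_permissions:
        # Without an explicit block the token falls back to the repository default,
        # which may be broader than the job needs.
        findings.append(Finding(0, "no-permissions", "workflow sets no top-level permissions"))
    return findings


if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, [(f.line, f.kind, f.detail) for f in audit_workflow(wf)])
```

Running it reports the write-all token and the two mutable references in the weak workflow and nothing for the hardened one. The check is intentionally line-based so it needs no YAML library and can run in a pre-commit hook; a SHA pin only helps if the pinned commit was itself reviewed, so pair it with a tool that tracks upstream releases for you.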
