EXECUTIVE SUMMARY:
A supply chain attack has been identified involving a trojanized version of a widely used Python package associated with a cloud-native workflow execution framework. The malicious activity is part of a broader campaign attributed to TeamPCP, targeting developer ecosystems, where trusted open-source components are abused to distribute malware. The compromised package was modified to enable unauthorized access to victim environments, with the primary objective of harvesting sensitive credentials and enabling downstream system compromise. This incident highlights the growing risk posed by software supply chain attacks orchestrated by TeamPCP that exploit trust in widely adopted development libraries.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
A supply chain attack has been identified involving a trojanized version of a widely used Python package associated with a cloud-native workflow execution framework. The malicious activity is part of a broader campaign attributed to TeamPCP, targeting developer ecosystems, where trusted open-source components are abused to distribute malware. The compromised package was modified to enable unauthorized access to victim environments, with the primary objective of harvesting sensitive credentials and enabling downstream system compromise. This incident highlights the growing risk posed by software supply chain attacks orchestrated by TeamPCP that exploit trust in widely adopted development libraries.[emaillocker id="1283"]
The attack originates from unauthorized modification of specific package versions published to a public registry. The malicious versions contain injected code that executes automatically during package import or initialization, without requiring explicit function calls. This code downloads a second-stage payload from attacker-controlled infrastructure, which is responsible for credential harvesting, system reconnaissance, and environment enumeration. The payload is designed to extract sensitive artifacts such as cloud credentials, CI CD secrets, authentication tokens, and local configuration files. It further establishes persistence by writing hidden markers on infected systems and can enable lateral movement across connected cloud and Kubernetes environments. The malware also communicates with remote command-and-control servers to exfiltrate collected data and may leverage stolen credentials to propagate across additional developer or cloud targets.
It underscores the systemic risks associated with modern software supply chains, where a single compromised account can cascade into widespread downstream exposure. By targeting trusted libraries and automating malicious releases, threat actors can efficiently infiltrate developer pipelines and cloud environments at scale. The attack reinforces the need for stronger integrity controls in package publishing workflows, continuous monitoring of dependency behavior, and rapid detection of anomalous package updates to reduce the impact of similar supply chain intrusions in the future.
THREAT PROFILE:
| Tactic | Technique Id | Technique | Sub-technique |
| Initial Access | T1195.002 | Supply Chain Compromise | Compromise Software Supply Chain |
| Execution | T1059.006 | Command and Scripting Interpreter | Python |
| T1203 | Exploitation for Client Execution | - | |
| Persistence | T1547.001 | Boot or Logon Autostart Execution | Registry Run Keys / Startup Folder |
| Credential Access | T1552.001 | Unsecured Credentials | Credentials In Files |
| T1555.003 | Credentials from Password Stores | Credentials from Web Browsers | |
| Discovery | T1082 | System Information Discovery | - |
| Exfiltration | T1041 | Exfiltration Over C2 Channel | - |
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/microsoft-python-client-durabletask/
https://www.wiz.io/blog/durabletask-teampcp-supply-chain-attack