Washington, D.C.

FBI Honolulu Sounds Alarm As TeamPCP Hijacks Developer Supply Lines

Published on July 02, 2026
Source: X/FBI Honolulu

The FBI's Honolulu field office did not mince words on Thursday, issuing an urgent FLASH alert about TeamPCP, a cybercriminal crew quietly slipping malicious code into popular developer and security tools to rip off cloud access tokens, SSH keys and Kubernetes secrets. According to the bureau, those software supply-chain hits let attackers ride through CI/CD pipelines, pivot across environments and siphon off sensitive data that can later fuel extortion attempts. Local software teams, cloud operators and anyone publishing or pulling code from public package registries are called out as especially at risk.

What The FBI FLASH Says

In FLASH-20260702-01 the bureau walks through TeamPCP's tactics and indicators, describing how the group trojanized several widely used developer and security tools, including Trivy, Checkmarx's KICS, LiteLLM and the Telnyx Python SDK. The alert says the actors deployed malware families the FBI labels CanisterWorm, SANDCLOCK, Mini Shai-Hulud and Miasma, and it includes IP addresses, domains and file hashes associated with the campaign. Investigators say TeamPCP has both exfiltrated credentials and tried to pressure victims by posting their names on public leak sites. According to the IC3 notice, organizations that suspect they have been hit are urged to preserve logs and any extortion messages and to report incidents to their local field office or to IC3.

How TeamPCP Pulls Off Supply-Chain Compromises

Industry analysts say TeamPCP strings together weaknesses across CI/CD systems and package ecosystems, using stolen automation tokens and malicious preinstall hooks to deliver credential-stealing payloads and self-spreading worms into downstream projects. Palo Alto Networks' Unit 42 has detailed how the same campaign relied on backdoored release tags, tainted Visual Studio Code extensions and registry-level malware to move from individual developer machines into cloud infrastructure. According to Unit 42, those chained failures in build and release automation are what let a single compromised tool snowball into widespread exposure.

High-Profile Hits And GitHub Exfiltration

The activity first surfaced with the Trivy compromise in March, followed by later waves that struck npm and PyPI packages, as documented by the Microsoft Security Blog. On May 20, GitHub confirmed that attackers weaponized a malicious Visual Studio Code extension to reach and exfiltrate roughly 3,800 internal repositories, according to Decrypt. Together, the incidents offer a harsh reminder that mutable workflow tags and ubiquitous developer tools can be turned into large-scale attack rails.

What Organizations Should Do Right Now

The FBI's FLASH outlines specific steps for locking things down: pin GitHub Actions workflows to verified commit SHAs rather than mutable tags, rotate CI/CD publishing tokens and cloud credentials, clamp down on service accounts with strict least-privilege access, require phishing-resistant multi-factor authentication for anyone with publishing rights, and keep offline, immutable backups of critical artifacts. The advisory also suggests scanning repositories and logs for the markers 'tpcp-docs' or 'docs-tpcp' that the worm leaves behind, and setting up runtime monitoring on CI/CD runners to catch unexpected outbound traffic. Taken together, those moves cut exposure and help investigators follow any post-compromise activity, per IC3.
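The two checks above that a team can run immediately, as an added example (not code from the FLASH or from any vendor): a small Python script that flags `uses:` references in a GitHub Actions workflow that are not pinned to a full 40-character commit SHA, and scans text for the two worm markers the advisory names. The sample workflow and log line are constructed for illustration.

```python
"""Check GitHub Actions workflows for unpinned actions and scan text for the
TeamPCP worm markers named in the FBI FLASH. Sample inputs are constructed."""
import re

# An action counts as pinned only when its ref is a full 40-hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# Markers the advisory says the worm leaves behind in repositories and logs.
MARKERS = ("tpcp-docs", "docs-tpcp")


def unpinned_actions(workflow_yaml: str) -> list[str]:
    """Return every `uses:` reference not pinned to a commit SHA.
    Local actions (./path) and docker:// references are skipped."""
    findings = []
    for line in workflow_yaml.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _action, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append(ref)
    return findings


def find_markers(text: str) -> list[tuple[int, str]]:
    """Return (line_number, marker) for each worm marker found in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for marker in MARKERS:
            if marker in line:
                hits.append((n, marker))
    return hits


# Constructed sample workflow: one tag-pinned, one SHA-pinned, one local action.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""
# Constructed sample log excerpt containing one of the markers.
SAMPLE_LOG = "run: npm ci\ncommit message mentions tpcp-docs\n"

if __name__ == "__main__":
    print(unpinned_actions(SAMPLE_WORKFLOW))  # ['actions/checkout@v4']
    print(find_markers(SAMPLE_LOG))           # [(2, 'tpcp-docs')]
```

A tag that happens to point at a good commit today can be re-pointed later, which is why only the SHA form passes; a marker hit is a lead for the log-preservation and reporting steps the FLASH describes, not proof of compromise on its own.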

For Honolulu-area tech firms, government contractors and universities that live and die by shared CI/CD tooling, the FLASH is not background reading. The bureau is effectively telling local teams to pull logs, rotate keys and reach out to the FBI Cyber Squad or file a report with IC3 if they see anything suspicious. The initial public alert went out via FBI Honolulu, and the full FLASH includes indicators of compromise and detailed reporting instructions for any affected organizations.