Two cybercrime groups, the ransomware operation Vect and a data theft crew called TeamPCP, have formed a formal partnership to combine credential theft with large scale ransomware deployment, according to researchers at Sophos Counter Threat Unit. The alliance pairs TeamPCP's talent for poisoning widely used software supply chains with Vect's ransomware infrastructure, and it has already swept up thousands of downstream organizations.
Who they are
Vect surfaced on December 31, 2025 with an affiliate recruitment ad on a Russian language cybercrime forum, launched a 2.0 version a month later, and claimed to have signed 60 affiliates and hit 154 organizations within two months. TeamPCP (also known as PCPcat, ShellForce, and DeadCatx3) appears to draw members from The Com, a loose confederation of mostly English speaking criminals. In March 2026 the two announced their tie-up alongside a partnership with the BreachForums cybercrime marketplace.
How the supply chain attacks worked
Sophos ties TeamPCP to a string of high profile software supply chain compromises between March and May 2026. The group first stole developer credentials from Trivy, an open source vulnerability scanner made by Aqua Security and used by thousands of organizations. On March 19 the attackers pushed a poisoned version of the scanner to official channels; anyone who installed the apparent update was actually running malware that harvested passwords and cloud credentials while continuing to scan normally to avoid suspicion. Those stolen secrets then fed a self propagating worm the researchers call CanisterWorm, which spread across dozens of popular packages.
From there the crew pivoted to fresh targets using credentials looted in the first breach. They poisoned GitHub Actions and marketplace plugins belonging to application security firm Checkmarx, compromised the command line tool of password manager Bitwarden, and published malicious versions of the LiteLLM AI gateway library (which sees roughly 96 million downloads a month) and the Telnyx Python SDK to the PyPI registry. One LiteLLM build was rigged to fire its payload automatically on Python startup, even without the package being imported. A TeamPCP member told Forbes the group used AI agents to socially engineer a service account into handing over GitHub access.
Why it matters
Supply chain attacks turn a single vendor breach into a foothold inside every organization that trusts that vendor's software, which is exactly what makes this partnership dangerous. To cash in, TeamPCP has worked with established extortion brands, including LAPSUS$, which added Checkmarx to its leak site, and it has publicly boasted of chaining these compromises into ransomware. The React2Shell flaw (CVE-2025-55182) that TeamPCP mass exploited in late 2025 shows how the group blends fresh vulnerabilities with credential theft. It is the same pattern behind other recent supply chain worms such as the Shai-Hulud worm that evolved to fool AI security scanners.
What you should do
Organizations should pin and verify the integrity of build tools and dependencies, watch for unexpected new versions of trusted packages, rotate any credentials that may have passed through a compromised CI/CD pipeline, and track Vect's leak site activity. The ransomware operation is profiled on our Vect actor page.
Full analysis is available in the original report from the Sophos Counter Threat Unit.
This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.