SUBJECT PROFILE
TeamPCP is a highly sophisticated criminal threat actor responsible for the ongoing Shai-Hulud supply chain worm campaign, the most technically advanced open-source supply chain attack series documented to date. The May 2026 'Mini Shai-Hulud' wave compromised 172+ npm and PyPI packages across 518 million cumulative downloads—including TanStack, Mistral AI, UiPath, OpenSearch, and OpenAI packages—by defeating SLSA Build Level 3 provenance attestations through GitHub Actions CI cache-poisoning rather than signature forgery. The group has confirmed partnerships feeding harvested credentials to the Vect RaaS operation and LAPSUS$ extortion group, and on May 13, 2026 open-sourced the Shai-Hulud worm on BreachForums, transforming into a platform operation with affiliate contest mechanics targeting the AI developer toolchain.
Financial gain via large-scale developer and cloud credential theft fed into downstream ransomware (Vect RaaS) and extortion (LAPSUS$) monetization pipelines
OPERATIONAL HISTORY
T1195.001 Compromise Software Dependencies (npm/PyPI poisoning), T1552.001 Credentials in Files (CI/CD secret harvesting), T1528 Steal Application Access Token (OIDC token extraction from GitHub Actions runner memory), T1053 Scheduled Task Persistence (.claude/settings.json hooks, VS Code tasks, system daemons), T1071 C2 via HTTPS (git-tanstack[.]com), T1027 Obfuscated Payload (SLSA attestation abuse), T1119 Automated Collection, T1567 Exfiltration to C2
KNOWN INFRASTRUCTURE
Shai-Hulud / Mini Shai-Hulud self-propagating worm (npm+PyPI), GitHub Actions cache-poisoning exploit chain, OIDC token exchange abuse, Claude Code startup hook persistence, git-tanstack[.]com C2 domain, Hugging Face malicious model distribution, ClawHub AI agent registry poisoning (341 entries), Vect RaaS partnership, LAPSUS$ EaaS partnership; ~300 GB credentials + 500,000+ cloud tokens exfiltrated in prior waves