TLP:WHITE | THREAT ACTOR DOSSIER // TEAMPCP-UNC6780 | FIRST SEEN: MAR 2026

TEAMPCP

ALSO KNOWN AS: UNC6780
FROM: DMZ INTELLIGENCE DESK
ORIGIN: Unknown
ATTRIBUTION: ORGANIZED CRIME
STATUS: ACTIVE
FIRST OBSERVED: MAR 2026
CAPABILITY SCORES
TECHNICAL: 69/100
RESOURCES: 69/100
PERSISTENCE: 72/100
STEALTH: 64/100
IMPACT: 78/100

Newly tracked threat actor disclosed in Google/Mandiant's May 2026 GTIG report. In March 2026, TeamPCP (UNC6780) compromised multiple GitHub repositories, including LiteLLM (a widely used AI gateway library) and the Trivy vulnerability scanner, embedding a credential stealer called SANDCLOCK in the affected build environments. Stolen AWS keys and GitHub tokens were then provided to ransomware affiliates, marking the first documented AI supply chain attack specifically targeting LLM infrastructure for downstream ransomware operations.

Financial gain via AI supply chain poisoning, cloud credential theft, and ransomware partnerships

GitHub repository poisoning, PyPI package supply chain compromise, SANDCLOCK credential stealer, cloud secret exfiltration (AWS keys, GitHub tokens), AI gateway library targeting (LiteLLM), ransomware affiliate partnerships

TECHNOLOGY
AI/ML PLATFORMS
CLOUD INFRASTRUCTURE
SOFTWARE DEVELOPMENT

Compromised GitHub repositories (LiteLLM, Trivy), poisoned PyPI packages, SANDCLOCK stealer implant in CI/CD build environments

FILE DATE: MAR 2026
LiteLLM & Trivy Supply Chain Poisoning
Compromised GitHub repositories for LiteLLM AI gateway and Trivy scanner, embedding SANDCLOCK stealer to harvest AWS keys and GitHub tokens from organizations across the AI developer ecosystem.