Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2026HertzUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2026HertzUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Breaking NewsUpdated as information becomes available
Back to Knowledge Vault
BreakingBreaking5 July 20264 min read

FBI FLASH: TeamPCP Hits Software Supply Chain, Steals Cloud Keys

FBI FLASH warns that TeamPCP is compromising widely used developer and security tools to steal cloud tokens, SSH keys and Kubernetes secrets. What UK organisations must isolate now.

Mark Fermor

Mark Fermor

Director & Co-Founder, Firevault

Share
Abstract editorial illustration of a software supply chain compromise with magenta package nodes and leaking cyan credential tokens on a dark navy background

The FBI has issued a FLASH advisory on the cybercriminal group known as TeamPCP, which has been carrying out large-scale software supply chain compromises by targeting widely used developer and security tools. Once inside a victim environment, the group extracts the credentials that matter most: cloud access tokens, SSH keys and Kubernetes secrets. It then extorts victims, publishes their names on a public leak site and, in several cases, collaborates with other threat actor groups to increase pressure.

For UK boards, this is not another ransomware headline. It is a reminder that the software you trust to build, ship and defend your estate is now a first-class attack surface.

What TeamPCP is actually doing

According to the FBI FLASH, TeamPCP is not brute-forcing perimeters. The group is compromising the tools that already sit inside trusted software delivery pipelines. That includes developer utilities, CI and CD components, and in some cases security tooling itself. Once a trusted binary is compromised, the group reaches downstream victims through the software update or agent channel that those victims already permit.

Inside the victim environment, TeamPCP focuses on the credentials that unlock everything else:

  • Cloud access tokens for AWS, Azure and GCP tenancies
  • SSH keys for production servers and jump hosts
  • Kubernetes secrets, service account tokens and container registry credentials

The group then moves to extortion. Victims are named on a public leak site, stolen data is threatened for release, and in some cases the group works alongside other criminal actors to escalate the pressure. The FBI FLASH sets out TeamPCP's tactics, techniques and procedures (TTPs), indicators of compromise (IOCs) and defensive recommendations. UK security teams should read it directly and cross-reference the IOCs against their own telemetry.

Why this matters for UK organisations

A supply chain compromise of a developer or security tool bypasses most of the controls a UK organisation has paid for. The binary is signed. The update channel is trusted. The agent already runs with the permissions it needs to reach production. Endpoint detection tools are looking for suspicious processes, not for a legitimate agent being told to exfiltrate a Kubernetes secret to an attacker-controlled endpoint.

One compromised tool, one time, gives an attacker keys to production, CI/CD, cloud tenancies and container platforms in a single operation. That is why TeamPCP is going after software supply chains rather than individual companies. It is a force multiplier.

The uncomfortable question for every UK board is simple. Where are your long-lived cloud tokens, SSH keys and Kubernetes secrets stored right now? If the answer is "in a secrets manager that any compromised build agent can reach", the exposure is direct.

The Firevault view

Firevault's position on this is deliberate. High-value credentials that could hand an attacker a cloud tenancy or a production cluster should not sit on any always-connected system. Once a trusted developer or security tool is compromised, every online secrets store, key vault and CI runner in its blast radius becomes reachable in the same operation.

A physically air-gapped vault removes the exfiltration path entirely. Signing keys, break-glass credentials, root cloud tokens and long-lived infrastructure secrets held on a Firevault are not on the network TeamPCP or any downstream operator can touch. Security is enforced by physics, not by the assumption that every piece of trusted software will stay uncompromised.

What to do this week

  1. Read the FBI FLASH. Pull the TTPs and IOCs, hand them to your SOC and hunt for the indicators across endpoint, cloud audit and Kubernetes control-plane logs. Source: FBI FLASH on TeamPCP.
  2. Rotate long-lived cloud tokens. Any AWS, Azure or GCP credential older than 90 days, especially those held by build agents or third-party developer tools, should be rotated on a defined schedule this quarter.
  3. Move signing keys and CI secrets off online build hosts. A compromised runner should not be able to reach the key material that signs your releases or unlocks production.
  4. Audit third-party developer and security tools with cloud scope. List every vendor agent that has an API token into your cloud tenancy or cluster. Reduce the scope of each token to the minimum needed and remove any that are no longer used.
  5. Isolate high-value credential stores. Root cloud accounts, domain administrator credentials, disaster-recovery keys and signing material belong on hardware that is physically disconnected from the systems TeamPCP is targeting.

The pattern behind TeamPCP is not new, but the scale is. Software supply chain attacks will keep happening because they work. The organisations that come through them well are the ones that assumed, in advance, that their trusted tools could be turned against them, and put their most sensitive credentials somewhere those tools could never reach.

Mark Fermor, Co-Founder, Firevault.

About the author

Mark Fermor

Mark Fermor

Director & Co-Founder

Co-founder of Firevault, focused on offline secure storage and protecting individuals and businesses from fraud, fines, loss and damage. Speaker, owner and advisor.

Share this article

Breaking News
Breaking5 July 20264 min read

FBI FLASH: TeamPCP Hits Software Supply Chain, Steals Cloud Keys

FBI FLASH warns that TeamPCP is compromising widely used developer and security tools to steal cloud tokens, SSH keys and Kubernetes secrets. What UK organisations must isolate now.

FBI FLASH: TeamPCP Hits Software Supply Chain, Steals Cloud Keys
Mark Fermor
Published by Mark Fermor, Director & Co-Founder

    Firevault

    Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

    © 2026 Firevault Limited. Disconnect to Protect®