First seen targeting misconfigured Docker APIs and Kubernetes clusters. By May the same crew would be linked to Trivy, Checkmarx, LiteLLM, Telnyx, Bitwarden CLI, TanStack, and GitHub itself.
← Findings
TeamPCP surfaces as a named threat actor
First seen targeting misconfigured Docker APIs and Kubernetes clusters. By May the same crew would be linked to Trivy, Checkmarx, Bitwarden CLI, TanStack, and GitHub itself.