The DevSecOps Paradox: How the TeamPCP Supply Chain Attack Turned Cisco’s Security Tools Into Trojan Horses

A cyber offensive targeting one of the preeminent information technology conglomerates originated from a seemingly mundane instrument for vulnerability assessment. Consequently, adversaries successfully infiltrated the internal developmental sanctuary of Cisco, exfiltrating the foundational source code of both the corporation and its clientele.

This tribulation is inextricably linked to a recent supply chain bombardment involving the Trivy utility. Through a venomous automation plugin within GitHub, marauders usurped credentials and telemetry from the build and development environments. Dozens of apparatuses were besieged, encompassing the workstations of architects and laboratory systems alike.

Cisco’s internal response vanguards have since sequestered the breach. Nevertheless, according to internal evaluations, the ramifications may metastasize further due to synergistic strikes upon LiteLLM and Checkmarx. Following their ingress, the assailants harvested access keys to the Amazon Web Services cloud platform, wielding them to orchestrate unauthorized maneuvers across a myriad of accounts. The enterprise is currently isolating the afflicted architectures, reinstating them from pristine states, and executing a sweeping rotation of credentials.

During the siege, the marauders duplicated over 300 repositories. Among these were the source codes for artificial intelligence-driven offerings, including AI Assistants and AI Defense, alongside nascent projects yet to be unveiled. A portion of the purloined intelligence belongs to corporate patrons, spanning financial institutions, outsourcing firms, and United States governmental departments.

According to available intelligence, the offensive involved a coalition of disparate groups possessing varied degrees of vitality. The corporation has hitherto refrained from responding to official inquiries regarding the cataclysm.

The catalyst for the subjugation was the compromise of the Trivy supply chain earlier this month. The malefactors embedded themselves within the project’s GitHub deployment pipeline, disseminating malignant architecture via official releases and automated scripts. The malware harvested credentials, thereby granting passage to thousands of internal developmental environments across a diverse array of enterprises.

This campaign is attributed to the collective designated as TeamPCP. The syndicate wields a proprietary malignant artifact known as “TeamPCP Cloud Stealer” and is conducting a persistent crusade against developer platforms, including GitHub, PyPI, NPM, and Docker. Previously, the architects of this campaign also compromised the LiteLLM package within PyPI and the Checkmarx KICS project, propagating the same instrument for data exfiltration.