Full Report
Ransomware activity held steady through Q1, with credential-based initial access continuing to drive most incidents. Compromised credentials paired with exposed remote access services accounted for 74% of the ransomware intrusions Beazley Security investigated this quarter. One notable trend did emerge: a growing subset of threat actors skipped encryption entirely, stealing data and extorting payment under threat of leaking it rather than deploying an encryptor.
Analysis Summary
# Incident Report: TeamPCP Supply Chain & Stryker Destructive Attacks
## Executive Summary
Q1 2026 was characterized by a large AI-assisted campaign against the developer supply chain by the threat actor TeamPCP and by a highly destructive "malware-less" attack on Stryker by the Handala Group. The quarter saw a 43% increase in exploited zero-days, largely driven by AI-assisted vulnerability discovery. Because exploitation now routinely precedes patch availability, response strategy has shifted toward rapid containment and forensic validation in addition to, not instead of, patching.
## Incident Details
- **Discovery Date:** Q1 2026
- **Incident Date:** January – March 2026
- **Affected Organizations:** Aqua Security (Trivy), Checkmarx (KICS), LiteLLM, Cisco, Stryker, European Commission, Mercor (startup).
- **Sector:** Technology/Software, Healthcare/Medical Devices, Government.
- **Geography:** Global (including US and Europe).
## Timeline of Events
### Initial Access
- **Date/Time:** Early Q1 2026.
- **Vector:** AI-assisted bot (`hackerbot-claw`) and compromised credentials.
- **Details:** TeamPCP exploited a misconfigured automation workflow in Aqua Security's Trivy scanner project to gain an initial foothold in the developer supply chain. The report does not specify the nature of the misconfiguration.
### Lateral Movement
- Attackers used credentials harvested from the Trivy foothold to move into Checkmarx's KICS scanner and the LiteLLM AI library.
- This daisy-chaining through shared developer ecosystems eventually compromised more than 66 software packages.
### Data Exfiltration/Impact
- **Supply Chain:** More than 300 internal Cisco repositories stolen; data theft from thousands of downstream companies via LiteLLM.
- **Destructive Attack:** The Handala Group gained administrative access to Stryker's Microsoft Entra ID (formerly Azure AD) tenant and used Microsoft Intune's built-in remote-wipe capability to wipe more than 200,000 systems across 79 offices. No custom malware was required; the damage was done with the victim's own management tooling.
### Detection & Response
- **Discovery:** Identified via Beazley Security Labs analysis of the TeamPCP-Vect ransomware partnership and affiliate panels.
- **Response Actions:** Forensics-led investigations that treat exposure to an exploited zero-day as presumptive compromise, alongside high-speed patching.
## Attack Methodology
- **Initial Access:** Misconfigured automation workflows; Credential stuffing/harvesting.
- **Persistence:** Compromised administrative accounts in cloud management platforms.
- **Privilege Escalation:** Gaining administrative rights within Microsoft Entra environment.
- **Defense Evasion:** "Living off the Land" (LotL) by using legitimate tools like Microsoft Intune for destruction; avoiding conventional malware.
- **Credential Access:** Stolen credentials from exposed remote access services (74% of ransomware cases).
- **Discovery:** AI-assisted vulnerability discovery (Mythos model and hackerbot-claw).
- **Lateral Movement:** Supply chain hopping via developer ecosystems and shared libraries.
- **Collection:** Automated harvesting of source code repositories.
- **Exfiltration:** Theft of source code and sensitive data for extortion/monetization.
- **Impact:** Mass data destruction/remote wiping; Data theft/Non-encryption ransomware.
## Impact Assessment
- **Financial:** High potential (monetization via Vect ransomware partnership).
- **Data Breach:** Hundreds of internal repositories (Cisco); widespread developer ecosystem credentials.
- **Operational:** Massive disruption for Stryker (200k systems wiped globally); thousands of companies impacted via LiteLLM.
- **Reputational:** High-profile compromise of major security vendors (Aqua Security, Checkmarx).
## Indicators of Compromise
- **Network indicators:** None published in the source (no IPs, domains or hashes). The only named artifact is the `hackerbot-claw` bot.
- **Behavioral indicators:** Unusual administrative activity in Microsoft Intune, in particular bursts of remote-wipe commands issued from a single administrative account outside any change window; credential use against exposed remote access services from anomalous source IPs.
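The behavioral indicator above is detectable from MDM audit exports, and the check is simple enough to run as a scheduled job. The script below is an added example, not from the Beazley report and not Microsoft tooling: it runs two detections over constructed audit events, a burst of wipe operations from one actor inside a short window, and any wipe from an account outside an approved change-control list. The field names, operation labels, threshold, window and sample accounts are all assumptions, not the schema of a real Intune export.

```python
"""Flag mass remote-wipe activity in MDM audit events.

Added example; not from the report. Event field names ("time", "actor",
"operation", "device", "ip"), the operation labels and the sample data
are all constructed assumptions, not a real Intune export schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: four wipes from one account within a minute,
# one routine wipe from an approved helpdesk account, one unapproved
# single wipe, and a non-wipe operation that must be ignored.
SAMPLE_EVENTS = [
    {"time": "2026-02-10T03:14:05Z", "actor": "svc-mdm-admin@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0001", "ip": "198.51.100.77"},
    {"time": "2026-02-10T03:14:09Z", "actor": "svc-mdm-admin@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0002", "ip": "198.51.100.77"},
    {"time": "2026-02-10T03:14:12Z", "actor": "svc-mdm-admin@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0003", "ip": "198.51.100.77"},
    {"time": "2026-02-10T03:15:01Z", "actor": "svc-mdm-admin@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0004", "ip": "198.51.100.77"},
    {"time": "2026-02-10T09:30:00Z", "actor": "helpdesk@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0105", "ip": "10.0.0.5"},
    {"time": "2026-02-10T09:31:00Z", "actor": "helpdesk@corp.example",
     "operation": "Update device", "device": "LAPTOP-0106", "ip": "10.0.0.5"},
    {"time": "2026-02-10T11:00:00Z", "actor": "jdoe@corp.example",
     "operation": "Wipe", "device": "LAPTOP-0200", "ip": "10.0.0.9"},
]

# Assumption: operation labels differ between export formats, so match a set.
WIPE_OPERATIONS = {"Wipe", "wipe", "deviceWipe", "Retire"}
# Assumption: accounts permitted to issue wipes under change control.
APPROVED_WIPE_ACTORS = frozenset({"helpdesk@corp.example"})


def load_events(raw_events):
    """Parse timestamps and keep only wipe operations, sorted by time."""
    wipes = []
    for e in raw_events:
        if e["operation"] in WIPE_OPERATIONS:
            ts = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
            wipes.append({**e, "ts": ts})
    wipes.sort(key=lambda e: e["ts"])
    return wipes


def detect_wipe_bursts(wipes, window=timedelta(minutes=10), threshold=3):
    """Return {actor: {"count", "first", "last", "devices"}} for every actor
    that issued at least `threshold` wipes inside any `window`-long span.
    A sliding window per actor means a slow trickle of legitimate wipes
    over a day is not flagged, while a burst is."""
    by_actor = defaultdict(list)
    for e in wipes:
        by_actor[e["actor"]].append(e)
    alerts = {}
    for actor, evs in by_actor.items():
        start, best = 0, (0, 0, 0)  # (count, start_idx, end_idx)
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        count, s, t = best
        if count >= threshold:
            alerts[actor] = {
                "count": count,
                "first": evs[s]["time"],
                "last": evs[t]["time"],
                "devices": [x["device"] for x in evs[s:t + 1]],
            }
    return alerts


def detect_unapproved_wipes(wipes, approved=APPROVED_WIPE_ACTORS):
    """Any wipe from an account not under change control deserves a ticket,
    even a single one; a burst from such an account is the Stryker pattern."""
    return [e for e in wipes if e["actor"] not in approved]


if __name__ == "__main__":
    wipes = load_events(SAMPLE_EVENTS)
    for actor, a in detect_wipe_bursts(wipes).items():
        print(f"BURST {actor}: {a['count']} wipes {a['first']}..{a['last']} {a['devices']}")
    for e in detect_unapproved_wipes(wipes):
        print(f"UNAPPROVED {e['actor']} wiped {e['device']} from {e['ip']} at {e['time']}")
```

The threshold and window should be tuned to the organisation's normal wipe volume; the point is that a wipe is a rare, high-impact administrative action, so alerting on it is cheap and a burst from one identity is almost never legitimate.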
## Response Actions
- **Containment measures:** Immediate isolation of compromised developer environments; revoking credentials associated with LiteLLM and security scanners.
- **Eradication steps:** Forensic validation of environments following zero-day exposures.
- **Recovery actions:** Restoring Stryker services from backups (where available) following the Intune wipe.
## Lessons Learned
- **AI Asymmetry:** Attackers are successfully using AI frontier models to rapidly find and exploit vulnerabilities, outpacing traditional patch cycles.
- **Cloud Weaponization:** Administrative tools (Intune/Entra) are now high-value targets for destructive "malware-less" attacks.
- **Patching is Insufficient:** In the age of zero-days, patching alone does not guarantee safety; forensics is required to ensure no breach occurred *during* the exploitation window.
## Recommendations
- **Rapid Remediation:** Implement a "patch-within-hours" policy for all critical internet-facing vulnerabilities.
- **Defense in Depth:** Assume internet-facing systems will be exploited; implement host and network-level detection to catch post-exploitation movement.
- **MFA/Access Control:** Strictly enforce Multi-Factor Authentication (MFA) on all remote access and cloud management (Entra/Intune) accounts.
- **Supply Chain Security:** Audit and monitor all automation workflows and third-party library integrations (e.g., LiteLLM).
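The report attributes the Trivy foothold to a "misconfigured automation workflow" without naming the misconfiguration. The script below is an added example, not from the report and not Aqua Security's or Trivy's own tooling: it audits GitHub Actions workflow text for three classes of misconfiguration commonly abused to compromise CI, and shows a hardened version of the same job. Treating GitHub Actions as the workflow system, the check list, the `example-org/scanner-action` name and the placeholder commit SHAs are all assumptions or constructed data.

```python
"""Audit GitHub Actions workflow text for CI supply-chain weak points.

Added example; not from the report and not Aqua Security's/Trivy's own
tooling. Which misconfiguration affected Trivy is not stated in the
report; the three checks here are assumptions about common classes.
Line-based regexes are used so this runs without a YAML library.
"""
import re

# `uses: owner/repo@ref`; local (./) and docker:// actions do not match.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+)@(\S+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\b", re.M)


def audit_workflow(text):
    """Return a list of (severity, message) findings for one workflow file."""
    findings = []
    # 1. pull_request_target runs in the base repo's context with its secrets;
    #    checking out the PR head then executes untrusted fork code with them.
    if re.search(r"\bpull_request_target\b", text) and PR_HEAD_RE.search(text):
        findings.append(("high", "pull_request_target checks out the untrusted PR head "
                                 "while holding repository secrets"))
    # 2. A tag or branch is mutable: a compromised upstream action changes
    #    underfoot, which is the kind of supply-chain hop the report describes.
    for name, ref in USES_RE.findall(text):
        if not FULL_SHA_RE.match(ref):
            findings.append(("medium", f"{name}@{ref} is not pinned to a full commit SHA"))
    # 3. write-all on GITHUB_TOKEN widens what a hijacked step can do.
    if WRITE_ALL_RE.search(text):
        findings.append(("medium", "GITHUB_TOKEN granted write-all"))
    return findings


# Constructed vulnerable workflow (action name and SHA are placeholders).
VULNERABLE_WORKFLOW = """\
name: pr-scan
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: example-org/scanner-action@main
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

# Same job, hardened: run on pull_request (fork PRs get no secrets),
# read-only token, every action pinned to a full commit SHA.
HARDENED_WORKFLOW = """\
name: pr-scan
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scanner-action@89abcdef0123456789abcdef0123456789abcdef
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, audit_workflow(wf) or "no findings")
```

Run this over every file under `.github/workflows/` in CI itself and fail the build on any `high` finding. SHA pinning is only useful if the pins are refreshed by a reviewed process (a dependency bot with signed commits), otherwise teams drift back to tags.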