Full Report
Multi-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence.
Analysis Summary
# Threat Actor: TeamPCP
## Attribution & Identity
**Identified Actor:** TeamPCP
**Confidence Level:** Moderate
**Identity Notes:** Attribution is based on infrastructure overlaps, malware functionality, and operational patterns identified by researchers. The group demonstrates high operational maturity and coordination across multiple platforms.
## Activity Summary
On May 19, 2026, TeamPCP launched a multi-ecosystem supply chain campaign targeting the developer community. The attack involved compromising the NPM registry (specifically the `@antv` namespace), GitHub Actions (`actions-cool/issues-helper`), and a VSCode extension (`nrwl.angular-console` v18.95.0). The campaign focused on stealing high-value developer credentials and establishing persistent backdoors in CI/CD and local environments.
## Tactics, Techniques & Procedures
* **Supply Chain Compromise:** Injecting malicious code into popular developer tools and packages (NPM, VSCode extensions, GitHub Actions).
* **Multi-Stage Infection:** Initial scripts triggered the retrieval of secondary payloads from GitHub-hosted infrastructure.
* **Evasion:** Using orphaned GitHub commits to host payloads, making detection difficult via standard repository scanning.
* **Execution:** Utilizing the `bun` runtime to execute secondary malicious payloads.
* **Credential Harvesting:** Automated collection of GitHub tokens, SSH keys, cloud provider secrets, and browser-stored credentials.
* **Data Exfiltration:** Creating new, public GitHub repositories from within the victim's environment to exfiltrate stolen data.
* **Persistence:** Installing a Python-based backdoor and configuring `systemd` (Linux) or `LaunchAgents` (macOS) for automatic execution.
* **C2 Communication:** Polling GitHub for signed messages containing specific triggers (`firedalazer`) to execute remote Python code.
## Targeting
* **Sectors:** Software Development, Open Source maintainers, and organizations using CI/CD pipelines.
* **Geography:** Global (targeting distributed open-source contributors).
* **Victims:** Users of the `@antv` NPM packages, `actions-cool/issues-helper` GitHub Action, and the `nrwl.angular-console` extension.
## Tools & Infrastructure
* **Malware:**
* Python-based backdoor: `cat.py`
* Persistence scripts: `com.user.kitty-monitor.plist` (macOS), `kitty-monitor.service` (Linux)
* **Infrastructure (Defanged):**
* **C2 Trigger:** `api.github[.]com/search/commits?q=firedalazer`
* **Backup C2:** `m-kosche[.]com` (185.95.159[.]32)
* **Repository Indicator:** Repositories with description `niagA oG eW ereH :duluH-iahS`
## Implications
TeamPCP represents a sophisticated threat to the software supply chain. By targeting the tools developers trust most (IDE extensions and CI/CD actions), they can bypass traditional perimeter defenses. The focus on authentication material (SSH/Cloud keys) suggests the actor intends to move laterally into corporate cloud environments or conduct further downstream supply chain attacks.
## Mitigations
* **Incident Response:** Search for the presence of `~/.local/share/kitty/cat.py` and the persistence services listed above.
* **Secret Rotation:** Immediately rotate all GitHub tokens, SSH keys, and cloud credentials that were present on potentially infected machines.
* **Audit GitHub Activity:** Monitor for the unauthorized creation of public repositories or unusual workflow executions in your GitHub organization.
* **Pipeline Security:** Implement dependency allowlisting and use Software Bill of Materials (SBOM) tools to verify the integrity of packages and extensions used in development.
* **Environment Hardening:** Monitor for unusual outbound network traffic from CI/CD runners to unexpected GitHub API queries.