TeamPCP Supply Chain Attack Compromises Trivy Scanner and Major Security Firms

The threat group TeamPCP executed a sophisticated supply chain attack beginning March 19 that compromised Trivy, a widely-used open-source vulnerability scanner, along with GitHub Actions workflows from multiple security vendors including Checkmarx and Bitwarden. Security researchers have characterized the incident as one of the largest supply chain compromises in recent years, with the attackers maintaining persistent access across multiple platforms for weeks after initial discovery.

Attack Timeline and Scope

TeamPCP initiated the attack on March 19 by compromising virtually all versions of Aqua Security's Trivy vulnerability scanner after gaining privileged access to the company's GitHub account. The attackers leveraged stolen credentials from a previous, unrelated incident to establish their foothold, then injected malware into official GitHub Actions workflows and Docker images associated with the scanning tool.

Four days later, on March 23, TeamPCP expanded their operation by compromising GitHub Actions for Checkmarx KICS and Checkmarx AST security scanning tools. However, the attackers maintained access to compromised accounts even after Checkmarx discovered the breach on March 23, with subsequent remediation attempts failing to fully expel the threat actors.

CrowdStrike investigators traced the compromise after detecting a spike in script execution alerts linked to the compromised aquasecurity/trivy-action GitHub Action. The security firm Bitwarden was also affected in the same wave of attacks targeting security tool vendors.

Technical Characteristics

The malware deployed by TeamPCP exhibits worm-like propagation capabilities, enabling automatic spread to new systems without requiring user interaction. This self-replicating functionality significantly amplifies the potential impact across CI/CD pipelines where these tools are commonly integrated.

The payload includes a targeted data wiper component specifically designed to target Iranian systems, suggesting geopolitical motivations alongside the broader supply chain compromise objectives. This selective targeting mechanism operates independently of the worm propagation features, indicating sophisticated payload differentiation based on victim geography or system characteristics.

The choice of Trivy as an initial vector proved particularly effective given the scanner's widespread adoption in DevSecOps workflows. Organizations commonly integrate vulnerability scanners directly into their CI/CD pipelines, creating a natural distribution mechanism for malicious payloads across development and production environments.

Persistence and Remediation Challenges

A notable aspect of this campaign was the attackers' ability to maintain access across multiple compromised accounts even after discovery. Following Checkmarx's March 23 identification of the compromise, TeamPCP continued operating from the same GitHub accounts for an extended period, demonstrating sophisticated persistence techniques and potentially indicating incomplete visibility into the full scope of compromised credentials.

This persistence challenge reflects broader difficulties in supply chain incident response, where the interconnected nature of modern development toolchains can create multiple entry points and fallback access methods for determined attackers. The 40-day period during which attackers maintained access to deliver malware to Checkmarx customers illustrates the complexity of fully securing compromised development infrastructure.

Industry Context and Historical Patterns

Looking at the broader pattern, this incident represents an evolution in supply chain targeting strategies we have seen develop over the past several years. The SolarWinds compromise in 2020 demonstrated the effectiveness of targeting widely-deployed infrastructure tools, while more recent incidents like the PyPI and npm package compromises showed attackers adapting to cloud-native development practices.

What distinguishes the TeamPCP campaign is the simultaneous targeting of multiple security vendors specifically—a meta-attack on the tools organizations deploy to detect and prevent exactly these types of compromises. This approach creates a particularly insidious scenario where the very infrastructure designed to enhance security posture becomes the vector for compromise.

The worm-like propagation capabilities also represent a concerning development in supply chain attack methodologies. Unlike traditional supply chain compromises that rely on organizations pulling compromised updates, self-propagating malware can spread laterally across interconnected systems without requiring additional administrative actions.

Assessment and Implications

The targeting of security scanning tools specifically creates cascading trust issues throughout the development ecosystem. Organizations that integrated these compromised tools into their CI/CD pipelines may have inadvertently distributed malware across multiple projects and environments, requiring extensive forensic analysis to determine the full scope of impact.

Kaspersky researchers have characterized this as one of the most significant supply chain attacks in modern cybersecurity history, noting both the breadth of affected tools and the sophisticated persistence mechanisms employed by the attackers.

The incident highlights fundamental challenges in securing the modern software development lifecycle, where organizations must balance development velocity with security validation of third-party tooling. The compromise of tools specifically designed to enhance security posture creates a particularly complex risk scenario for affected organizations.

Recovery efforts will likely extend well beyond the immediate remediation of compromised accounts and packages. Organizations utilizing these tools during the compromise window face extensive code review and system validation requirements to ensure their own development pipelines remain uncompromised. The self-propagating nature of the deployed malware further complicates this process, as traditional containment strategies may prove insufficient against worm-like spreading mechanisms.

This campaign demonstrates the continued evolution of supply chain attack methodologies and the growing sophistication of threat actors targeting development infrastructure. The combination of persistent access, worm-like propagation, and targeted payload delivery represents a concerning advancement in supply chain compromise techniques that security teams will need to address in their defensive strategies.