The heart of software production under enemy control
Imagine your most trusted security tool is actually the gateway for an attacker. The TeamPCP group has demonstrated that the perimeter is no longer the firewall, but your CI/CD pipeline. By compromising trusted components, attackers gain direct access to your most valuable assets: infrastructure secrets and source code.
Context: The vulnerability of implicit trust
Modern development relies on an extensive chain of automation tools. The current problem lies in the exploitation of this trust. TeamPCP orchestrated a campaign focusing on essential tools such as the Trivy vulnerability scanner and Checkmarx solutions, proving that a failure in a single vendor can trigger a domino effect across thousands of companies.
How the attack happens in practice
The attack dynamics executed by TeamPCP move away from generic theory and focus on systems engineering and workflow manipulation:
1. Runner and Memory Compromise
The initial attack targeted Trivy (CVE-2026-33634). With access to the runners, the code execution environments, the malware extracted sensitive tokens and credentials directly from memory during workflow execution. This bypasses static file protections.
2. Tag Manipulation and Version Pinning
By gaining access to repositories such as Checkmarx KICS, attackers rewrote version tags. They pointed stable tags like 'v1' or 'latest' to malicious Docker images under their control. Companies that did not use the specific commit hash (SHA) automatically downloaded the malicious code.
3. Secret Exfiltration and Immediate Use
The malware captured environment variables containing API keys, cloud credentials, and Kubernetes configurations. This data was sent to command and control servers, where automated bots used the keys in seconds to access new infrastructures, automating propagation.
Impact for companies
The consequences go beyond simple data loss. Secret theft allows persistent access to cloud infrastructure, enabling resource destruction, intellectual property theft, and irreversible reputational damage when infected packages are published in the company's name on registries like npm.
How to defend your pipeline
Mitigating the risk of a compromised supply chain requires concrete technical controls:
- Version Pinning (Immutability): Never use mutable tags like 'latest' or 'v1'. Reference the Docker image by its SHA-256 digest and the GitHub Action by its full commit SHA, so that the code executed is exactly the code you reviewed and a rewritten tag cannot redirect your pipeline.
- Dynamic Secrets Management: Use password vaults with automatic rotation. Avoid using permanent keys in long-term environment variables.
- Runner Auditing: Implement integrity checks in execution environments and limit the network scope of these runners so they cannot exfiltrate data to unknown IPs.
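The tag-rewriting technique described in the attack section and the pinning advice above both come down to one question: does every third-party reference in the workflow resolve to an immutable identifier? The following Python script is an added example, not code from the article or from Antisec; it scans a GitHub Actions workflow for `uses:` and `image:` references and flags anything that is not pinned to a 40-hex commit SHA or a `sha256:` image digest. The sample workflow, organisation and image names embedded in it are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample workflow (not from the article). It mixes mutable tags,
# which a tag rewrite could redirect, with immutable commit SHAs and digests.
SAMPLE_DIGEST = "0" * 64  # placeholder digest, not a real image
SAMPLE_WORKFLOW = f"""\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/example-org/scanner:latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567
      - uses: docker://ghcr.io/example-org/kics:v1
      - uses: docker://ghcr.io/example-org/kics@sha256:{SAMPLE_DIGEST}
      - run: echo done
"""

FULL_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")
IMAGE_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?(\S+?)['\"]?\s*$")
IMAGE_LINE = re.compile(r"^\s*image:\s*['\"]?(\S+?)['\"]?\s*$")


@dataclass
class Finding:
    line_no: int
    ref: str
    reason: str


def is_pinned_action(ref: str) -> bool:
    """A GitHub Action reference is immutable only if the part after '@'
    is a full 40-character commit SHA; tags and branches can be moved."""
    if "@" not in ref:
        return False
    version = ref.rpartition("@")[2]
    return bool(FULL_COMMIT_SHA.match(version))


def is_pinned_image(ref: str) -> bool:
    """A container image reference is immutable only if it carries a
    sha256 digest; ':latest' or ':v1' can be repointed in the registry."""
    return bool(IMAGE_DIGEST.search(ref))


def is_pinned_uses(ref: str) -> bool:
    """Dispatch on the reference style used in a 'uses:' line."""
    if ref.startswith("docker://"):
        return is_pinned_image(ref[len("docker://"):])
    if ref.startswith("./"):
        # Local action: already fixed by the checked-out commit of this repo.
        return True
    return is_pinned_action(ref)


def audit_workflow(text: str) -> List[Finding]:
    """Return one Finding per mutable third-party reference in the workflow."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_LINE.match(line)
        if m and not is_pinned_uses(m.group(1)):
            findings.append(Finding(line_no, m.group(1),
                                    "action not pinned to a full commit SHA or image digest"))
            continue
        m = IMAGE_LINE.match(line)
        if m and not is_pinned_image(m.group(1)):
            findings.append(Finding(line_no, m.group(1),
                                    "container image not pinned to a sha256 digest"))
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line_no}: {f.ref} -> {f.reason}")
```

Run against the constructed sample, the audit reports the `:latest` container image, `actions/checkout@v4` and `docker://...kics:v1`, and accepts the commit-SHA and digest references. A check like this belongs in a pre-merge lint step for `.github/workflows/`, so that a pipeline cannot acquire a mutable reference without review; pinning only narrows the window, so the secret-rotation and runner-egress controls above remain necessary.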
Antisec View
In our Red Team operations, we simulate exactly these artifact substitution vectors. We have already demonstrated in real scenarios how the lack of governance over third-party dependencies allows for privilege escalation from a local developer to a global cloud administrator in minutes. Antisec's offensive security focuses on testing your pipeline's resilience against these aggressive automations.
Conclusion
The TeamPCP attack is a reminder that the code you didn't write is your greatest risk. If your CI/CD process assumes that every signed tool is secure, your infrastructure is already exposed. The urgency to review these processes is immediate.
Protect your supply chain
Don't wait for a secret leak to validate your pipeline. Contact Antisec for a technical offensive security assessment and discover where your development's blind spots are.