vect
49 posts
🚨‼️ UPDATE: Here is a selection of companies compromised in the recent TeamPCP supply chain attacks.
This is just a fraction, the full list likely runs into the thousands. 👀
MTN: mtn[.]com
Gravatar: gravatar[.]com
Zoopla: zoopla[.]co[.]uk
Ansys: ansys[.]com
Ansys GitHub: github[.]com/ansys
ACUITY: acuity[.]com
StarTech: startech[.]com
Lightning: lightning[.]ai
Grid: grid[.]ai
Proton: proton[.]ai
Finkargo: finkargo[.]com
Hillspire: hillspire[.]com
Agronod: agronod[.]com
Spaceship: spaceship[.]com[.]ai
Hicap: hicap[.]ai
Pytorchbearer: github[.]com/pytorchbearer
KCI AI Team: github[.]com/kci-ai-team
English
@ramimacisabird @LloydLabs @pcpcats @TheEnergyStory @HackingLZ @N3mes1s also the onion is down cuz we are implementing a huge update
English
📰Today in TeamPCP updates
- @LloydLabs finds more infra on 43.228.157[.]123
- TeamPCP/Cipherforce redirect their onion site to @vectrw's … which looks down (launch coming?)
- @pcpcats get their analyses of the msbuild.exe payload - from @TheEnergyStory @HackingLZ
& @N3mes1s
English
@ramimacisabird @LloydLabs @pcpcats @TheEnergyStory @HackingLZ @N3mes1s how did you even get a hold of cypherforce even?
English
vect me-retweet
Check out the full post: kudelskisecurity.com/research/inves…
IOCS live on #iocs?filter=attacker" target="_blank" rel="nofollow noopener">ramimac.me/teampcp/#iocs?…
English
🐈⬛Meet nsa[.]cat
Kudelski's IR writeup is flying under the radar, and it's the first with TeamPCP post-exploit IOCs you can hunt
TrufflesHog scans led back to an attacker VPS hosting not just this file share, but target lists & MinIO storage
This is one to read 🧵
English
This is only the beginning, consider it phase one of the operation
vx-underground@vxunderground
TeamPCP has done ANOTHER supply chain attack. My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS. March 19th: - Trivy March 20th: - EmilGroup (28 packages) - OpenGov (16 packages) - Teale-io (eslint-config) - AIRTM (uuid-base32) - PypeSteam (floating-ui-dom) March 23rd: - Checkmarx March 24th: - LiteLLM March 27th: - Telnyx
English
@IntCyberDigest Stop glamorising these fkwits.
wtf is wrong will all of you?
these little shits just destroyed a whole bunch of businesses, & cost hard working people a fortune.
Mindless brats.
Not to mention the destruction of trust and the fking economic repercussions.
English
🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data.
They've obtained 300 GB of compressed credentials and are working their way through them as we speak.
The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor.
Their message to the world: "TeamPCP is here to stay. Long live the supply chain."
They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.
English
vect me-retweet
🛑 CRITICAL UPDATE: The cyber underground is mobilizing.
Vect Ransomware + BreachForums + TeamPCP have formed a dangerous new alliance. They are scaling up for mass ransomware operations.
Here's the Threat:
1️⃣ 300K+ Affiliates: Turn the forum community into a malware workforce.
2️⃣ Supply Chain Attacks: TeamPCP provides the entry via Trivy & LiteLLM.
3️⃣ DevOps & AI Focus: Compromising the tools that secure & power enterprise infrastructure.
Threat Intelligence used to be about yesterday's news. Today, it’s about anticipating tomorrow’s mass-scale attack. Don't be the next headline.
🛡️Full breakdown & details: Darkfeed.io
#CyberSecurity #ThreadIntel #Ransomware #Darknet #DevOps #AI
English
@vectrw @DarkWebInformer it's not. Btw you put my photo on your avatar.
English
@INSPEKTTOR we have more than 300 unreleased victims, but whatever you say big boy
English
dudde you dont even have 50 victims u are a joke in other words thats what it takes me a single person to achieve in the spawn of 3 months
anhywas
vect@vectrw
A major partnership with Breached.st is on the way, as a well deserved congratulations to Hassan for his recent victory.
English
gather up ppl today i report hasanbroker to europool
well not me but ill tell someone to anys
@KurtRustles @SPYDIRBYTE @IntCyberDigest @vectrw
English
BreachForums servers identified as ShinyHunters attempt data dump
ShinyHunters dumped 2 corporate databases and allegedly attempting to drop more stolen victim data on the BreachForums CDN which has been identified and currently down
/breachforums[.]as — 164.90.223[.]186
BF h/t @Ced_haurus
Good timing @CCITIC_ORG
English
@vectrw @CCITIC_ORG I just peeped those report abuse emails. Hassan and his crew of clowns can go kick rocks.
English
@CCITIC_ORG took no action in this matter. All credit belongs to Hassan and his team for successfully executing the takedown and exposing the associated IP addresses.
That intelligence company is attempting to exploit the situation for their own benefit.
Dark Web Informer@DarkWebInformer
.@CCITIC_ORG (Cyber Counter-Intelligence Threat Investigation Consortium) has identified the AS BreachForums servers. They have a message for the forum: "Sleep better tonight, your leaked data is on vacation." fr.linkedin.com/posts/ccitic_d…
English
A major partnership with Breached.st is on the way, as a well deserved congratulations to Hassan for his recent victory.
vect@vectrw
@CCITIC_ORG took no action in this matter. All credit belongs to Hassan and his team for successfully executing the takedown and exposing the associated IP addresses. That intelligence company is attempting to exploit the situation for their own benefit.
English
YOU ARE ACCESSING A U.S. GOVERNMENT (USG) INFORMATION SYSTEM (IS) THAT *
* IS PROVIDED FOR USG-AUTHORIZED USE ONLY. BY USING THIS IS (WHICH *
* INCLUDES ANY DEVICE ATTACHED TO THIS IS), YOU CONSENT TO THE *
* FOLLOWING CONDITIONS: *
* -THE USG ROUTINELY INTERCEPTS AND MONITOR...
English