TeamPCP Supply Chain Attack Targets Trivy Security Tool

A sophisticated supply chain attack targeting Trivy, a widely used open-source vulnerability scanner, has compromised CI/CD pipelines, exposing sensitive credentials, deploying persistent backdoors, and triggering the spread of a self-propagating worm across developer environments. The incident highlights a growing shift in attacker strategy, where even trusted security tools are being weaponized to infiltrate enterprise systems at scale. Trivy, commonly integrated into Continuous Integration (CI) and Continuous Deployment (CD) workflows to scan for vulnerabilities, became the focal point of a multi-phase campaign that unfolded over several weeks.

According to security experts, the breach originated from a misconfigured GitHub Actions workflow, which allowed an automated bot to steal a personal access token. Although the compromised credentials were identified and rotated, the remediation was incomplete. This oversight enabled attackers associated with the TeamPCP group to regain access and escalate the attack at a later stage.

Once inside, the attackers inserted malicious code into official repositories and manipulated version tags. In a critical move, the majority of these tags were redirected to compromised code, meaning developers unknowingly downloaded and executed infected versions of Trivy. This allowed attackers to silently infiltrate CI/CD pipelines and developer machines.

The primary objective of the campaign was large-scale credential harvesting. Sensitive data was extracted directly from system memory, including SSH keys, cloud credentials across major providers, Kubernetes tokens, Docker registry credentials, database passwords, TLS private keys, and even cryptocurrency wallet files. The stolen information was then encrypted and exfiltrated through seemingly legitimate channels, making detection significantly more challenging. Security researchers warn that the impact of this data exposure could extend far beyond initial victims, potentially affecting thousands of downstream environments that rely on compromised pipelines.

One of the most alarming aspects of the attack was the deployment of a persistent backdoor on infected systems. When the malicious Trivy binary was executed, it installed a hidden service that enabled continuous remote access. This backdoor leveraged decentralized command-and-control infrastructure, making it highly resistant to traditional takedown efforts and difficult for defenders to detect.

The attack did not stop there. Using the stolen credentials, threat actors launched a worm known as CanisterWorm, which rapidly spread through the Node Package Manager (npm) ecosystem. More than 47 npm packages were compromised, allowing the malware to propagate across developer environments and automated workflows. In some cases, dozens of packages were infected within seconds, turning routine software installations into vectors for further compromise. Experts note that this campaign represents a new level of sophistication in supply chain attacks. By combining credential theft, repository tampering, tag manipulation, and worm-like propagation, attackers were able to maximize both reach and persistence.

Unlike traditional cyberattacks that target individual organizations, this operation focused on upstream infrastructure tools and platforms that are widely trusted and deeply embedded in development pipelines. Because such tools often operate with elevated privileges and are rarely scrutinized during runtime, they present an attractive and high-impact target for threat actors. Security leaders are now warning that organizations should expect follow-on attacks, including further breaches and potential extortion attempts, as attackers continue to exploit the vast amount of stolen credentials.

The incident serves as a stark reminder that trust alone is no longer sufficient in modern software development environments. Organizations are being urged to adopt stricter security practices, including limiting privileges within CI/CD pipelines, continuously monitoring for anomalies, rotating credentials regularly, and verifying the integrity of all third-party tools and dependencies As supply chain threats continue to evolve, the Trivy breach underscores a critical reality for enterprises securing the development pipeline is no longer optional it is essential to maintaining overall cybersecurity resilience.

Recommended Cyber Technology News :

• MorganFranklin Cyber Rebrands as Arcova to Expand AI and Cybersecurity Capabilities

• NIST Releases Cybersecurity Risk Management Guide

• Azure AI Foundry Strengthens AI Cybersecurity

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com