
"Once the hackers broke into those systems, they immediately kicked out TeamPCP hackers and removed their tools, according to a new report by cybersecurity firm SentinelOne. From there, the hackers used their access to deploy code designed to replicate across different cloud infrastructure like a self-spreading worm, steal various types of credentials, and finally send the stolen data back to their infrastructure."
"TeamPCP is a cybercriminal group that has gathered headlines in the last few weeks, thanks to a series of high-profile hacks attributed to the group. Those hacks have included a breach of the European Commission's cloud infrastructure, and a broad-scale cyberattack against the widely used vulnerability scanner tool Trivy, which affected any company that relied on it, including LiteLLM and AI recruiting startup Mercor, among others."
"At this point, Delamotte said her three theories are that the hackers are either disgruntled ex-TeamPCP members; are part of a rival group; or a third party 'who chose to directly model their attack tools on TeamPCP's earlier campaigns,' many of which targeted cloud infrastructure. 'The services targeted by PCPJack strongly resemble the December-January TeamPCP campaigns, before the alleged change in group membership that happened in February-March,' said Delamotte."
An unusual hacking campaign targeted systems already compromised by TeamPCP, a prolific cybercrime group. After gaining access, the attackers expelled TeamPCP's operators and removed their tools. The attackers then deployed self-replicating code to spread across cloud infrastructure, stole multiple types of credentials, and sent the stolen data back to their own infrastructure. TeamPCP has been linked to major breaches, including an incident involving European Commission cloud infrastructure and an attack affecting the vulnerability scanner tool Trivy, which impacted companies that relied on it. The identity of the new attackers remains unclear; possibilities include former TeamPCP members, a rival group, or a third party modeling its tools on TeamPCP's methods.
#cloud-infrastructure-attacks #credential-theft #worm-like-malware #cybercrime-groups #vulnerability-scanning-compromise
Read at TechCrunch