TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)
Summary
This article provides an update on the TeamPCP supply chain campaign, detailing the compromise of Telnyx's PyPI, the expansion of the Vect ransomware's affiliate program, and the first named victim to claim a payoff. The update covers developments from March 26-27, 2026, following a previous report.
IFF Assessment
This update highlights a sophisticated supply chain attack, a ransomware affiliate program, and a successful victim payoff, all of which represent advancements and successes for threat actors.
Defender Context
This campaign underscores the persistent threat of supply chain attacks, where legitimate software repositories like PyPI can be compromised to distribute malicious code. Defenders should remain vigilant about software dependencies and monitor for unusual activity within their development pipelines.