TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory (Wed, Apr 8th)
Summary
This article, the seventh update on the TeamPCP supply chain campaign, details the theft of Cisco source code through a breach linked to the Trivy security scanner. Google GTIG tracks the threat actor as UNC6780, and the update also notes the CISA KEV deadline passing without a standalone advisory.
IFF Assessment
This campaign represents a significant threat as it involves the compromise of source code and a widespread supply chain attack vector targeting security tools.
Defender Context
This campaign highlights the critical importance of securing the software supply chain and monitoring for compromises of widely used security tools. Defenders should be vigilant about the integrity of their development and deployment pipelines, and be prepared to investigate potential backdoors or compromised dependencies.