TeamPCP and BreachForums Offer $1,000 for Supply Chain Attacks
Key Takeaways
- A new contest launched by TeamPCP and BreachForums incentivizes open-source supply chain attacks.
- Participants are tasked with infecting as many open-source packages as possible using the “Shai-Hulud” tool.
- Despite a modest $1,000 Monero prize, the initiative aims to recruit lower-tier hackers and expand TeamPCP’s access-broker operations.
- The contest poses significant risks to the software supply chain, potentially leading to widespread compromise of CI/CD secrets, cloud credentials, and enterprise source code.
The dark corners of the cybercrime world are now actively promoting open-source supply chain attacks through a new, unsettling competition.
Following a sustained campaign of infiltrating critical security tools and continuous integration/continuous deployment (CI/CD) pipelines, the notorious hacking collective TeamPCP has joined forces with BreachForums to inaugurate a new contest. This initiative aims to encourage the widespread infection of open-source software packages.
The objective for participants is to compromise as many open-source packages as possible. The incentive for this destructive activity is a comparatively small sum of $1,000, paid in Monero cryptocurrency.
Intelligence gathered from the dark web indicates that the contest mandates the use of an open-source attack utility dubbed “Shai-Hulud.”
To qualify, hackers must register their forum identities and furnish verifiable proof of successful system access.
Winners are determined based on the cumulative weekly and monthly download statistics of the compromised packages.
This scoring mechanism explicitly encourages indiscriminate, worm-like attacks across the software ecosystem by permitting attackers to aggregate the download counts from numerous smaller packages.
Cybercrime Syndicate Launches Supply Chain Attack Contest
While the potential impact on the supply chain is severe, the $1,000 reward seems disproportionately low given the extent of damage that can be inflicted.
Successful supply chain compromises can expose highly sensitive assets, including CI/CD secrets, cloud access credentials, developer tokens, and proprietary enterprise source code.

For experienced cybercriminals, access to such valuable assets typically commands a price far exceeding one thousand dollars. Cybersecurity experts interpret this contest as a strategic recruitment tactic, designed to attract less experienced hackers willing to sacrifice valuable access in exchange for reputation and prestige within cybercrime communities.
By crowdsourcing these malicious activities, TeamPCP effectively manipulates novice hackers into performing the foundational work, while the syndicate itself reaps the broader benefits from the compromised infrastructure.
TeamPCP has a well-documented history of targeting critical infrastructure, GitHub Actions, Docker images, and popular package managers such as npm and PyPI. The group specializes in breaching tools that inherently possess elevated privileges, enabling them to harvest credentials for subsequent, more extensive attacks.
According to Socket Research, TeamPCP recently forged a partnership with the ransomware collective Vect. Their credential theft operations have already impacted diverse sectors, including AI firms, government cloud services, manufacturing, and enterprise technology providers.
The release of Shai-Hulud as an open-source tool allows TeamPCP to expand its pipeline for brokering access. While a $1,000 prize may not entice elite threat actors, the ensuing wave of copycat attacks represents a dangerous new layer of risk for open-source maintainers and enterprise security teams alike.
What You Should Do
- Implement Software Supply Chain Security: Utilize tools and practices that monitor and secure your entire software supply chain, from development to deployment.
- Vet Open-Source Dependencies: Thoroughly scrutinize all open-source packages used in your projects for known vulnerabilities or suspicious behavior. Employ automated scanning tools.
- Strengthen CI/CD Pipeline Security: Secure your CI/CD environments with robust access controls, multi-factor authentication, and regular audits.
- Monitor for Anomalous Activity: Continuously monitor developer accounts, package repositories, and build environments for any unusual logins, code changes, or package uploads.
- Educate Developers: Train development teams on the risks of supply chain attacks, secure coding practices, and how to identify suspicious packages or requests.
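One way to automate part of the dependency vetting above for npm projects, shown as an added example that is not from the article or from any tool it names. It audits a parsed `package-lock.json` for entries that run install scripts, lack a pinned hash, or resolve from outside the registry; the registry URL, the allow-list parameter and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example: flag npm lockfile entries (lockfileVersion 2/3) that warrant
// review before a CI install. Registry URL and sample data are assumptions.
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, allowedInstallScripts = new Set()) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip root project and workspace links
    const name = entry.name || path.split("node_modules/").pop();
    const add = (rule, detail) =>
      findings.push({ name, version: entry.version, rule, detail });

    // Lifecycle scripts run code at install time, inside the build environment
    // and next to whatever secrets it holds.
    if (entry.hasInstallScript && !allowedInstallScripts.has(name)) {
      add("install-script", "runs lifecycle scripts on install");
    }
    // Bundled dependencies ship inside their parent's tarball and carry no
    // hash of their own, so only check entries fetched separately.
    if (!entry.inBundle) {
      if (!entry.integrity) add("no-integrity", "tarball not pinned by hash");
      else if (!/(^|\s)sha512-/.test(entry.integrity))
        add("weak-integrity", "no sha512 hash recorded");
    }
    // Git URLs, direct tarball links and other hosts bypass the registry.
    if (entry.resolved && !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      add("untrusted-source", entry.resolved);
    }
  }
  return findings;
}

// Constructed sample lockfile (package names are made up).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0", integrity: "sha512-AAAA",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-2.1.0.tgz" },
    "node_modules/native-build": { version: "4.0.2", integrity: "sha512-BBBB",
      resolved: "https://registry.npmjs.org/native-build/-/native-build-4.0.2.tgz",
      hasInstallScript: true },
    "node_modules/@scope/forked": { version: "0.3.1",
      resolved: "git+ssh://git@example.com/scope/forked.git#0000000" },
    "node_modules/native-build/node_modules/bundled-dep": { version: "1.0.0", inBundle: true },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.name}@${f.version}: ${f.rule} (${f.detail})`);
```

In a pipeline, pass the parsed contents of the real `package-lock.json` and fail the job when the returned list is non-empty, keeping the install-script allow-list under code review.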
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


