TeamPCP Supply Chain Attack and the Rise of Voice Phishing [Prime Cyber Insights]

Today on Prime Cyber Insights, we examine a sophisticated supply chain attack by the threat actor TeamPCP, which has weaponized the Trivy vulnerability scanner and npm packages to deploy a self-propagating backdoor and a data wiper known as Kamikaze that targets systems in Iran. We also cover the U.S. sentencing of Russian initial access broker Aleksei Volkov to 81 months in prison for his role in enabling multi-million-dollar ransomware attacks for groups like Yanluowang, alongside new charges against a BlackCat ransomware negotiator. Finally, we analyze Mandiant’s latest M-Trends report, which identifies voice phishing as the leading initial access vector for cloud environments. These developments underscore a shift toward highly automated supply chain poisoning and more interactive social engineering tactics. Aaron Cole and Lauren Mitchell break down the technical implications for CI/CD pipelines and the increasing dwell times of espionage actors targeting edge infrastructure. We conclude with a look at how defenders must adapt to machine-speed hand-offs between access brokers and ransomware crews.

On this episode of Prime Cyber Insights, hosts Aaron Cole and Lauren Mitchell dive into the technical details of TeamPCP's latest campaign, which compromised Aqua Security's Trivy scanner and multiple npm packages. This operation features CanisterWorm, a self-propagating malware that leverages smart contracts for persistence and includes a 'Kamikaze' wiper specifically targeting systems in Iran. We transition to the legal front, discussing the 81-month sentence handed to Russian national Aleksei Volkov for his pivotal role as an initial access broker for the Yanluowang gang. We also dissect Mandiant’s 2026 M-Trends report, highlighting the surge in voice phishing—now the primary method for cloud intrusions—and the staggering 400-day dwell times associated with Chinese espionage groups targeting edge devices. This briefing provides essential context for practitioners navigating these evolving threat surfaces.

Topics Covered

  • 🚨 TeamPCP's supply chain compromise of Trivy and npm repositories.
  • 🛡️ The emergence of CanisterWorm and the Kamikaze data wiper.
  • ⚖️ Legal fallout for IAB Aleksei Volkov and BlackCat ransomware negotiators.
  • 📞 Mandiant M-Trends findings on the dominance of voice phishing in cloud attacks.
  • 🌐 The 'Living on the Edge' trend and extended dwell times for espionage actors.

Disclaimer: This podcast is for informational purposes only and does not constitute professional security advice.

Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.
