TeamPCP Supply Chain Campaign: A March 2026 Retrospective

In March 2026, TeamPCP leveraged a single unrevoked CI credential to orchestrate an unprecedented, automated five-phase supply chain attack cascading through major security vendors, harvesting secrets to fuel each stage and culminating in both global credential theft and a destructive, Iran-targeted filesystem wiper—exposing the devastating impact of persistent access, trusted tooling compromise, and the convergence of financial and destructive motives.