Security researchers have identified a significant breach involving Microsoft’s official Python workflow SDK. The TeamPCP hacking group has reportedly infiltrated three versions of this SDK, embedding a multi-cloud credential-stealing worm as part of an ongoing supply chain campaign in 2026.
TeamPCP Targets Microsoft SDK
TeamPCP, also known by aliases PCPcat and DeadCatx3, has been an active threat in 2026, focusing on supply chain vulnerabilities. Their latest target, the Microsoft Python client for the Durable Task framework, has been compromised in versions 1.4.1 through 1.4.3, according to cybersecurity firm Wiz. The compromised packages have been quarantined by PyPI following the discovery.
The group’s campaign, dubbed Mini Shai-Hulud, initially targeted Aqua Security’s Trivy scanner in March and has since expanded to affect Checkmarx GitHub Actions, LiteLLM, and numerous npm packages. On May 19, 2026, TeamPCP further extended its reach by compromising over 300 packages within the @antv npm ecosystem.
Technical Details of the Breach
Wiz’s analysis indicates that the attack on the durabletask client occurred shortly after a similar breach of guardrails-ai on May 11. The infection chain traces back to the @antv npm ecosystem compromise. A GitHub account involved in these attacks was found to have targeted the microsoft/durabletask-python repository, with malicious activities recorded between 15:08 UTC and 15:16 UTC.
The attackers managed to infiltrate the GitHub account using previously obtained credentials, which allowed them to publish compromised versions to PyPI, bypassing standard code review protocols. The malware, named rope.pyz, is an evolution of an earlier payload used in previous attacks, targeting Linux systems and spreading through multiple entry points.
Impact and Security Measures
The malware executes a broad credential theft operation, impacting AWS IAM credentials, Azure service accounts, GCP tokens, and more. It further spreads through AWS SSM and Kubernetes, potentially affecting multiple systems per compromised host. The attackers have also advanced their command and control infrastructure, now utilizing domain-based servers with SSL verification.
Security teams are advised to audit systems for compromised versions of the durabletask package, inspect for infection markers, and rotate all potentially exposed credentials. Blocking access to identified malicious command and control domains, such as check.git-service.com, is also recommended to mitigate further risks.
Stay updated with the latest cybersecurity news by following us on Google News, LinkedIn, and X.
