TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)

SANS Internet Storm Center, 03/04/2026, 13:18
Summary

AI-Generated

Key Points:

  • CERT-EU confirmed a breach of the European Commission's cloud infrastructure via the Trivy supply chain compromise (CVE-2026-33634), marking a significant governmental victim disclosure.
  • The breach affects AWS-hosted services. TeamPCP's harvested credentials are being used against high-value targets, including 161 client organizations of Sportradar AG, which creates a risk of systemic compromise.
  • Organizations should review CERT-EU's advisory for exposure indicators and consider immediate credential rotation to mitigate risks associated with ongoing credential exploitation.

Technical Details: The Trivy supply chain compromise (CVE-2026-33634) allowed attackers to exploit AWS credentials, leading to unauthorized access and data breaches across multiple SaaS environments.

MITRE ATT&CK Techniques:

  • T1078 - Valid Accounts (Defense Evasion, Initial Access)
  • T1190 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned:

  • frps
  • gost
