London – On July 2, 2026, the Sophos Counter Threat Unit published a detailed threat intelligence report describing a formal operational partnership between the Vect ransomware group and the credential-harvesting collective TeamPCP, also known in criminal forums as PCPcat, ShellForce and DeadCatx3. Researchers state that the alliance creates an industrialized ransomware model by pairing TeamPCP’s large-scale supply chain credential theft operations with Vect’s automated ransomware deployment infrastructure. According to Sophos, this coordination allows attackers to move quickly from the compromise of software development environments to the mass delivery of ransomware, increasing both the speed and scale of extortion campaigns. London – The report highlights TeamPCP’s role in high-profile supply chain intrusions, including a March 2026 campaign that targeted Aqua Security’s Trivy vulnerability scanner. That attack led to the compromise of more than 10,000 continuous integration and continuous delivery workflows and the theft of over 500,000 login credentials, such as cloud tokens and API keys. Sophos notes that TeamPCP has also collaborated with other major extortion groups, including Lapsus$, and previously ran its own CipherForce ransomware. Vect, a rapidly growing ransomware-as-a-service operation that began recruiting affiliates on the Russian-language Rehub forum on December 31, 2025, claimed its first victims in January 2026 and released its Vect 2.0 variant in February.
Prepared by Jonathan Pierce and reviewed by editorial team.
This new cybercrime alliance means faster, larger-scale ransomware attacks. Your personal or business data could be at risk. It's crucial to keep your software updated and use strong, unique passwords. Consider using a password manager.
Cybersecurity isn't just for techies anymore. With groups like Vect and TeamPCP joining forces, the threat is real and growing. Stay vigilant with your digital hygiene. Worth forwarding if you know someone who's lax about updates or passwords.
Not specified in source.
Not specified in source.
No left-leaning sources found for this story.
No right-leaning sources found for this story.
Comments