TeamPCP – also known as PCPcat, ShellForce and DeadCatx3 – is believed to consist of individuals previously associated with The Com, a loosely connected network of predominantly English-speaking cybercriminals.
With many high-profile supply chain attacks under its belt that took place between March and May 2026, including the Trivy, Checkmarx and Telnyx compromise, where TeamPCP compromised trusted software and harvested valuable credentials, they also partnered with established extortion groups, including Lapsus$, to monetise the stolen data.
The latest partnership with Vect represents another step in TeamPCP’s strategy of collaborating with ransomware operators that can exploit the information it steals.
Supply chain attacks become a direct route to ransomware
Instead of carrying out every stage of an operation by themselves, crime groups are playing on their individual strengths and combining resources to maximise impact.
