Vect and TeamPCP Ransomware Campaigns Target Supply Chains

Threat actor partnership uses supply chain credentials for mass ransomware

Understanding Vect and TeamPCP Supply Chain Ransomware Campaigns

Vect and TeamPCP ransomware campaigns have made headlines for their targeted attacks on supply chains and credential harvesting. These threat actors collaborate to obtain credentials from compromised third-party vendors, then use them to deploy ransomware at scale. The campaigns highlight the risk posed to organisations reliant on external partners.

How Vect and TeamPCP Operate: Techniques and Tactics

Recent research shows that Vect and TeamPCP are not acting alone but are working together to maximise the impact of their ransomware operations. Their main tactic is exploiting supply chain compromises, meaning they target third-party vendors that have access to multiple organisations’ systems. Once they breach a vendor, they harvest credentials that can be used to move laterally across interconnected networks.

Credential Harvesting Through Supply Chains

By compromising supply chain partners, Vect and TeamPCP gain access to privileged accounts. These credentials allow entry into multiple client networks, often with administrative permissions. This approach increases the attackers’ reach and enables them to deploy ransomware widely and rapidly.

  • Targeting third-party vendors with weak security controls
  • Harvesting credentials for privileged access
  • Using stolen credentials to bypass authentication systems
  • Deploying ransomware across multiple organisations

Collaboration for Wide-Scale Impact

The partnership between Vect and TeamPCP amplifies their capabilities. By sharing resources and intelligence, they can coordinate attacks that affect a broader range of victims. This makes their campaigns especially dangerous for organisations connected to vulnerable supply chain partners.

Why Vect and TeamPCP Ransomware Campaigns Matter

Vect and TeamPCP ransomware campaigns are significant because they exploit supply chain relationships, which are often overlooked in traditional cybersecurity planning. The use of stolen credentials from trusted third parties allows attackers to bypass many security barriers. For small and medium-sized businesses (SMBs), the risk is particularly acute because they may rely heavily on external vendors for IT services.

Increasing Threat to SMBs

SMBs are often targeted due to weaker security controls and limited resources. A supply chain compromise can cascade, leading to widespread ransomware deployment across multiple organisations. The financial and operational impact can be severe, with downtime, data loss and reputational damage.

Challenges in Detection and Response

Because these attacks use legitimate credentials, they can be difficult to detect. Traditional monitoring systems may not flag the activity as suspicious, especially if the attackers mimic normal user behaviour. This underscores the importance of monitoring authentication anomalies and lateral movement within networks.

Defensive Measures Against Supply Chain Ransomware Threats

To defend against Vect and TeamPCP ransomware campaigns, organisations should take a proactive approach to supply chain security. The following steps can help reduce risk and improve resilience:

  • Review third-party access: Regularly audit which vendors have access to your systems. Limit permissions to only what is necessary.
  • Enforce multi-factor authentication (MFA): Require MFA for all users, including those from third-party vendors. This adds an extra layer of protection against credential misuse.
  • Apply least privilege principles: Restrict access rights to minimum levels needed for job functions. Remove unnecessary permissions and accounts.
  • Monitor for anomalous authentication: Use security tools to detect unusual login attempts or patterns that may indicate credential abuse.
  • Watch for lateral movement: Monitor internal network activity for signs of attackers moving between systems.
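
The two monitoring steps above, and the detection challenge described earlier (valid vendor credentials that look like normal use), can be sketched as a small detector. This is an added example, not code from the original report: the event tuples, the account name vendor-msp, the host names, the baseline date and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source IP, target host, MFA used)
EVENTS = [
    ("2026-01-05T09:02:00", "vendor-msp", "198.51.100.10", "app01", True),
    ("2026-01-06T09:05:00", "vendor-msp", "198.51.100.10", "app01", True),
    ("2026-01-07T14:00:00", "alice", "10.0.0.5", "fs01", True),
    ("2026-01-12T09:01:00", "vendor-msp", "198.51.100.10", "app01", True),
    ("2026-01-14T02:10:00", "vendor-msp", "203.0.113.77", "app01", False),
    ("2026-01-14T02:14:00", "vendor-msp", "203.0.113.77", "fs01", False),
    ("2026-01-14T02:19:00", "vendor-msp", "203.0.113.77", "dc01", False),
]
VENDOR_ACCOUNTS = {"vendor-msp"}             # assumed third-party account inventory
BASELINE_END = datetime(2026, 1, 10)         # events before this build the baseline
WINDOW, FANOUT_LIMIT = timedelta(minutes=30), 3  # assumed thresholds

def detect(events, vendors=VENDOR_ACCOUNTS, baseline_end=BASELINE_END,
           window=WINDOW, limit=FANOUT_LIMIT):
    """Return (timestamp, account, rule, detail) alerts for vendor logons."""
    known_src, known_host = defaultdict(set), defaultdict(set)
    recent = defaultdict(list)               # account -> [(time, host)] inside window
    alerts = []
    for raw_ts, acct, src, host, mfa in sorted(events):
        if acct not in vendors:
            continue
        ts = datetime.fromisoformat(raw_ts)
        if ts < baseline_end:                # learn normal sources and targets
            known_src[acct].add(src)
            known_host[acct].add(host)
            continue
        if src not in known_src[acct]:       # valid credential, unfamiliar origin
            alerts.append((raw_ts, acct, "new-source", src))
            known_src[acct].add(src)         # alert once per new value
        if host not in known_host[acct]:     # vendor touching a system it never used
            alerts.append((raw_ts, acct, "new-host", host))
            known_host[acct].add(host)
        if not mfa:                          # logon that skipped the MFA requirement
            alerts.append((raw_ts, acct, "no-mfa", host))
        recent[acct] = [(t, h) for t, h in recent[acct] if ts - t <= window]
        recent[acct].append((ts, host))
        hosts = sorted({h for _, h in recent[acct]})
        if len(hosts) >= limit:              # one account fanning out across hosts
            alerts.append((raw_ts, acct, "fan-out", ",".join(hosts)))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert, sep="  ")
```

On the constructed data the routine daytime logon raises nothing, while the night-time session from an unseen address trips all four rules within nine minutes.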

Strengthening Supply Chain Cybersecurity

Supply chain security is not just about protecting your own network; it involves ensuring that partners and vendors meet acceptable cybersecurity standards. Organisations should:

  • Conduct regular security assessments of third-party vendors
  • Include cybersecurity requirements in contracts
  • Establish clear protocols for vendor onboarding and offboarding
  • Encourage vendors to implement strong identity and access management practices

Incident Response Planning

Prepare for potential supply chain compromises by developing and testing incident response plans. Ensure that your team knows how to respond to ransomware attacks, including isolating affected systems, communicating with stakeholders and restoring backups.

The Importance of Ongoing Vigilance

Vect and TeamPCP ransomware campaigns demonstrate that supply chain vulnerabilities are a growing concern. Continuous vigilance and improvement of security practices are essential. Organisations should stay informed about emerging threats and update their defences accordingly.

Key Takeaways

  • Supply chain compromises enable wide-scale ransomware deployment
  • Vect and TeamPCP use stolen credentials for lateral movement
  • SMBs are especially at risk due to reliance on external vendors
  • Regular reviews, MFA and least privilege can help mitigate risk
  • Incident response planning is vital for resilience

By understanding the tactics used in Vect and TeamPCP ransomware campaigns and adopting best practices, organisations can better protect themselves against supply chain threats.

Originally reported by sophos.com.


About the Author

Rob McBride

Partner

  • CISSP
  • ACA Chartered Accountant
  • MPhil
  • BSc
  • SOC 2
  • ISO 27001

Rob is a Founding Partner at CyPro and a highly experienced CISO. Beginning his career with a successful tenure at Deloitte, Rob has since amassed a wealth of experience, notably serving as a cyber security advisor to the UK government and spearheading cloud security transformations for several global banks.

At CyPro, Rob leads the managed service business line, working extensively across multiple sectors including telecommunications, technology, higher education, travel, and retail. He is passionate about equipping small and medium-sized businesses (SMBs) with robust cyber security strategies to fuel their growth.

Published
Jul 2 - 2026