On 28 April 2026, SentinelLABS located a script through a Kubernetes-focused VirusTotal hunting rule that stood out from known cloud hack tools: the script’s first actions are to evict and delete tools associated with the TeamPCP attack group, leading us to call the toolset PCPJack. Analyzing this script led researchers to discover a comprehensive framework for cloud credential harvesting and propagation to internal and external systems.
TeamPCP stood out in early 2026 following the group’s Feb
