A significant development in the TeamPCP supply chain campaign has emerged, with Mercor AI confirming a breach tied to the LiteLLM supply chain compromise, marking the first official victim disclosure [1]. This update to the ongoing threat intelligence report consolidates intelligence through April 1, 2026, and highlights the evolving nature of the attack methods. The breach of Mercor AI, an AI recruiting startup, underscores the potential for downstream regulatory and supply-chain effects. The campaign's tactics, including dual ransomware operations and cloud enumeration, pose a substantial threat to organizations. As the situation continues to unfold, practitioners should be vigilant for potential vulnerabilities in their own supply chains. The confirmation of Mercor AI as a victim signifies a critical milestone in the campaign, and its implications will likely be felt across the industry, making it essential for organizations to reassess their security posture.
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
⚠️ Critical Alert
Why This Matters
A breach involving Intel signals evolving attack methods — watch for downstream regulatory and supply-chain effects.
References
- SANS Internet Storm. (2026, April 1). TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows. *SANS Internet Storm*. https://isc.sans.edu/diary/rss/32856
Original Source
SANS Internet Storm