TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)

A significant cloud breach has been confirmed by CERT-EU, affecting the European Commission, as part of the ongoing TeamPCP supply chain campaign. This development, occurring between April 1 and April 3, 2026, highlights the evolving nature of attack methods used by threat actors. Mandiant has quantified the campaign's impact, estimating over 1,000 SaaS environments have been compromised. The breach has also led to the emergence of details surrounding Sportradar, a company affected by the campaign. The TeamPCP supply chain campaign has been ongoing, with previous updates covering developments such as the compromise of Mercor AI and the attribution of the axios compromise to DPRK¹. The confirmation of the European Commission cloud breach signals potential downstream regulatory and supply-chain effects, making it crucial for practitioners to remain vigilant. This breach matters because it underscores the need for heightened security measures to protect against sophisticated supply chain attacks.