Today Handala, a suspected Iranian-based Threat Actor Group, successfully compromised the personal e-mail address of Kash Patel, the current Director of the United States Federal Bureau of Investigation.
The e-mails have a date range from 2010 to 2022. It appears to be primarily photos from Mr. Patel. The dump is 1.06GB.
While this compromise is probably deeply embarrassing to Patel and the FBI, the e-mails are relatively benign. The photos present are:
- Him being goofy
- Photos of his family members
- Updates on family stuff
- Some kind of ice hockey thing
- Traveling stuff
Basically, Kash Patel looks like a regular guy who wants updates on what his family is doing.
From a public-relations perspective, this makes Kash Patel look like a family man and a goofy dork. Unfortunately, some mistakes were made and it resulted in his e-mail being compromised. That is embarrassing.
From a security perspective, to people who are enemies of the United States, this potentially endangers him or his family members who can now be easily identified.
TeamPCP has done ANOTHER supply chain attack.
My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS.
March 19th:
- Trivy
March 20th:
- EmilGroup (28 packages)
- OpenGov (16 packages)
- Teale-io (eslint-config)
- AIRTM (uuid-base32)
- PypeSteam (floating-ui-dom)
March 23rd:
- Checkmarx
March 24th:
- LiteLLM
March 27th:
- Telnyx
Part of TeamPCP's success thus far has been the speed in which they operate.
tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring
Generally speaking, large scale supply chain attacks are quiet with the focus being silence and espionage. A notable example of this is the SolarWinds supply-chain attack which was conducted by the Russian Federation. The goal is to discreetly insert malicious code into a product's update cycle. The payload would (under ideal circumstances) execute with specific triggers in place and BE QUIET. They don't want to set off any metaphorical alarms. You quietly watch and SLOWLY work.
TeamPCP (as of this writing) has focused on information exfiltration (stealing sensitive data, primarily credentials) which is more akin to a smash-and-grab rather than staying silent and watching what people are doing with their binoculars.
A successful supply chain attack can be a DFIR (Digital Forensics and Incident Response) nightmare. Many organizations do not have an internal DFIR on staff, hence they consult with external entities. Suddenly with a supply chain attack you've got dozens of organizations contacting the same group of companies needing a forensic investigation launched.
These DFIRs can take time with reporting, identifying victims, potential PII or sensitive documents stolen, cooperation with law enforcement and legal departments (or external law firms) ... it can take days, weeks, or (depending on the scope of impact and bureaucracy) months.
And then suddenly there is another supply chain attack ... and then another ... and then another ... and then another ... with a total of 50 as of this writing. The best I can describe what I'm currently seeing is a "DFIR resource exhaustion" technique.
If you've got only a handful of DFIR firms spread thin across a dozen or so companies and then ANOTHER supply chain attack happens AND THEN ANOTHER AND THEN ANOTHER, with some organizations potentially being hit multiple times, it's a nightmare come alive.
TeamPCP (as of what we've learned thus far) successfully used a supply chain attack to pivot to other supply chain attacks. They're chaining chains.
The concern now is they've performed 50 supply chain attacks in 8 days. Are there any more coming? Has any other vendor failed to rotate their security credentials correctly? Is any company not cooperating? What data was stolen? How many companies are even impacted? How many are unaware of what happened? How much user PII was stolen? How were these other supply chain attacks conducted?
The current prevailing theory is all of these supply chain attacks are the result of the initial Trivy supply chain attack, however (unironically) DFIR work must be conducted and more investigative work needs to be performed. It is dangerous to assert with high confidence that it is the result of the Trivy supply chain attack. If you're wrong, what if it's from something else we're not aware of yet? I'm sure not all details are public (yet). More information will come out eventually.
This sort of DFIR work would take months but now it's a race against the clock hoping another doesn't occur.
2026 starting off strong.
JD Vance: "the US government does not even prosecute fraud if it is under $1.5M per year"
Literally every criminal on the planet:
fuck it bro, im just gonna do credit card fraud casually i guess, just buying beef jerky and energy drinks at the gas station from some boomers stolen credit card
Thank you HackingLZ, ramimacisabird, and MosheTov for keeping me up to date on the latest TeamPCP anime lore I was incorrect. I missed parts of the TeamPCP anime yesterday. I was unaware of the full extent of the payload.
I was watching my baby boy yesterday, I was on Dad duty (he was trying to murder me), so I only briefly read on the TeamPCP drama. I was aware of the supply chain attack, usage of .wav files, but wasn't aware of the MsBuild
smh i need to stop spending time with my family fr
Someone get Tim Apple on the phone and tell him to calm down. MacOS is premium real estate for malware right now. How DARE THEY implement basic anti-malware techniques >:(
Also, I have a bunch of updates for vx-underground but I'm very eepy and lazy today. I'll sync it later.
Can someone tell TeamPCP to just give me the MsBuild .wav payloads? Everyone online is doing a whacky ass Easter Egg hunt looking for the shit.
Just give me the malware dawg, cmon. I got a baby boy, I don't got the time and energy anymore bro
I have been informed by the powers that be (my wife) that I cannot be on the computer today due to legal reasons (I have to run errands).
Please enjoy this poetry by Gary.
What the fuck is going on in Europe? Who steals 12 TONS of KitKats? What do you even do with that many KitKats?
"I'd eat them".
False. That is impossible.
1 KitKat weighs approx. 45g.
1 lb is approx. 450g.
Approx. 10 KitKats in a lb.
12 tons is 24,000 lbs.
That is roughly 240,000 KitKats.
1 KitKat is approx. 230 calories.
That is approx. 55,200,000 calories.
The daily recommended calorie intake for an adult is 2,000 calories.
55,200,000 calories is 27,600 days of ideal calorie intake, or roughly 75 years.
March 20th: 15 TONS of gummy candy stolen from semi-trailer in Germany
March 29th: 12 TONS of KitKat bars stolen from Truck leaving Italy en-route to Poland
Who are you people?
Also, I'm not a European, so I don't understand the humor, but I see a bunch of people blaming Romanians. As an American I do not understand it, but apparently this is big humor for Europeans
Okay, before I make a silly post have some context. Rostelecom is the largest telecommunication company in Russia. If you're in the United States, Rostelecom is basically like their AT&T or Verizon. Anyway, Rostelecom has a Cyber Threat Intelligence division called "Solar Group".
Solar Group releases papers frequently on threats (specifically in the malware domain) targeting the Russian Federation.
I enjoy reading it because, as a person residing in the United States, my Threat Feed is usually threats facing people in the United States (or allies of the United States). Reading threats facing the Russian Federation I'm like, "oh no shit? yall too? lmfao das crazyyyy".
My absolute favorite though is reading papers from Chinese or Russian cybersecurity companies where they accuse the United States government of state-sponsored malware campaigns and the United States government is like, "pfffft? Me? No way, dawg. I'm A CHRISTIAN. You ARE THE BAD GUYS. We go to Church EVERY SUNDAY".
Then both the Russian Federation and Chinese government go like: ">:( u bitch"
But then they do the same thing to us, so it's whatever I guess. We're all doing silly shenanigans on the internet.
An example of the silly shenanigans is a Threat Actor who has compromised various law enforcement agencies in the Russian Federation. This Threat Actor is named "Eagle Werewolf" (what country uses the Eagle?).
Eagle Werewolf has been compromising law enforcement agencies in the Russian Federation, specifically exfiltrating data related to internal case files, active investigations, operational plans from law enforcement agencies, and any information on who the Russian Federation is actively investigating. Eagle Werewolf also appears to be attempting to map internal infrastructure and organization hierarchy (who is who in law enforcement, supervisors, general employees, etc).
That's weird. Why would this mysterious "Eagle Werewolf" want this information? Hmmmmm?