Hackers take over devices previously breached by another group
Hackers are increasingly targeting not just companies and users, but other hackers. A new campaign discovered by SentinelOne involves an unknown group attacking systems already compromised by the cybercrime group TeamPCP. After gaining access, the attackers remove TeamPCP’s tools, spread malware across cloud infrastructure, steal credentials, and send the stolen data back to their own servers.
TeamPCP recently gained attention for major cyberattacks, including breaches affecting the European Commission and companies using the Trivy vulnerability scanner, such as LiteLLM and Mercor. Researchers are unsure who is behind the new “PCPJack” campaign, but theories include former TeamPCP members, rival hackers, or copycat attackers.
The group also scans the internet for exposed cloud services like Docker and MongoDB, though their main focus appears to be TeamPCP-infected systems. Their goal is financial profit through selling stolen credentials, reselling system access, or extorting victims directly, rather than mining cryptocurrency.
Source: techcrunch.com