
Hackers hack victims hacked by other hackers

Why This Matters

This unusual hacking campaign highlights the evolving threat landscape where hackers target other hackers' compromised systems, potentially amplifying cyber risks for organizations. It underscores the importance of robust security measures and continuous monitoring to prevent malicious actors from exploiting vulnerabilities, even within already compromised networks.

Key Takeaways

Regular internet users and corporations are not the only victims of malicious hackers. Sometimes, the hackers themselves get hacked.

That is what happened in an unusual hacking campaign, where an unknown group of hackers targeted systems already compromised by a prolific cybercrime group known as TeamPCP. Once the hackers broke into those systems, they immediately kicked out TeamPCP hackers and removed their tools, according to a new report by cybersecurity firm SentinelOne.

From there, the hackers use their access to deploy code designed to replicate across different cloud infrastructure like a self-spreading worm, steal various types of credentials, and finally send the stolen data back to their infrastructure.

TeamPCP is a cybercriminal group that has garnered headlines in the last few weeks, thanks to a series of high-profile hacks attributed to the group. Those hacks have included a breach of the European Commission’s cloud infrastructure, and a broad-scale cyberattack against the widely used vulnerability scanner tool Trivy, which affected any company that relied on it, including LiteLLM and AI recruiting startup Mercor, among others.

Alex Delamotte, the SentinelOne senior researcher who found the new hacking campaign and dubbed it “PCPJack,” told TechCrunch that it’s not clear who is behind it. At this point, Delamotte said her three theories are that the hackers are either disgruntled ex-TeamPCP members, are part of a rival group, or are a third party “who chose to directly model their attack tools on TeamPCP’s earlier campaigns,” many of which targeted cloud infrastructure.

“The services targeted by PCPJack strongly resemble the December-January TeamPCP campaigns, before the alleged change in group membership that happened in February-March,” said Delamotte.

Delamotte also noted that the hackers don’t just target systems compromised by TeamPCP, but they also scan the internet for exposed services such as the virtual machine cloud platform Docker, databases running MongoDB, and others. But SentinelOne said the group appeared largely focused on targeting TeamPCP.
