SANDCLOCK
A credential stealer used by UNC6780 (TeamPCP) to exfiltrate AWS keys, GitHub tokens, and supply-chain credentials enabling downstream repository and infrastructure access.
Last refreshed: 20 May 2026 · Appears in 1 active topic
How did one credential-stealer open Cisco, LiteLLM, and BerriAI in the same window?
Timeline for SANDCLOCK
Exfiltrated credentials from the Trivy supply-chain compromise to enable Cisco repository access
Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source codeExfiltrated AWS keys and GitHub tokens enabling the LiteLLM intrusion
Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hoursWhat is SANDCLOCK malware?
How did SANDCLOCK enable the Cisco GitHub breach?
Background
SANDCLOCK is the credential-stealer tooling deployed by UNC6780 (TeamPCP) in its May 2026 supply-chain operation. It exfiltrated GitHub tokens and AWS keys from developer environments compromised through the Trivy vulnerability (CVE-2026-33634, March 2026), providing the cluster with the credentials needed to access Cisco's private GitHub repositories. The same SANDCLOCK-harvested credentials were used separately in the LiteLLM and BerriAI intrusion, demonstrating a credential-reuse pattern across distinct target organisations within the same campaign window.
SANDCLOCK had been in circulation before the May 2026 campaign; prior TeamPCP operations used it against SAP npm package ecosystems. The Trivy supply-chain pivot gave SANDCLOCK a broader harvest surface than targeted developer endpoint attacks: because Trivy is a Universal container-security scanner that holds pipeline credentials for every project it audits, a single Trivy compromise yields credentials across all downstream projects that trust it.
SANDCLOCK represents a class of supply-chain credential stealers that target the tooling layer rather than end-user devices, exploiting the structural concentration risk of CI/CD pipeline scanners. For defenders, this shifts the credential-hygiene perimeter from developer laptops to the scanner and auditing toolchain itself.