Timeline

SANDCLOCK

A credential stealer used by UNC6780 (TeamPCP) to exfiltrate AWS keys, GitHub tokens, and supply-chain credentials enabling downstream repository and infrastructure access.

2 of 2 entries (2 events, 0 interactions)

Filters

EventsMentionsInteractions

#411 May

Exfiltrated credentials from the Trivy supply-chain compromise to enable Cisco repository access

Cybersecurity: Threats and Defences: UNC6780 takes Cisco AI Defense source code

#48 May

Exfiltrated AWS keys and GitHub tokens enabling the LiteLLM intrusion

Cybersecurity: Threats and Defences: LiteLLM SQL injection hits in 36 hours

← Back to SANDCLOCK