TeamPCP — Re-Compromises Checkmarx Jenkins AST Plugin Weeks After Initial Breach

AI relevance: TeamPCP's campaign has consistently targeted AI and security tooling — from LiteLLM and KICS to AI coding agents — making this re-compromise of Checkmarx infrastructure a direct threat to the AI devops supply chain.

Checkmarx confirmed that a modified, malicious version of its Jenkins AST plugin was published to the Jenkins Marketplace, marking the second breach of the company's infrastructure by cybercrime group TeamPCP (UNC6780) in just weeks.

  • TeamPCP gained unauthorized access to the Jenkins AST plugin's GitHub repository and defaced it with the name "Checkmarx-Fully-Hacked-by-TeamPCP-and-Their-Customers-Should-Cancel-Now."
  • Checkmarx advises users to verify they are running version 2.0.13-829.vc72453fa_1c16 (published December 17, 2025) or older; a clean replacement version 2.0.13-848.v76e89de8a_053 has been published.
  • The defaced repository included the message "Checkmarx fails to rotate secrets again" — pointing to incomplete credential rotation after the March 2026 incident.
  • SOCRadar analysts noted two likely scenarios: either the initial remediation was incomplete, or TeamPCP retained an unidentified foothold and actively tested for re-entry points.
  • This follows TeamPCP's March compromise of Checkmarx KICS Docker images, two VS Code extensions, and a GitHub Actions workflow — all pushing credential-stealing malware.
  • The campaign has now hit at least five projects: LiteLLM (CVE-2026-42208), Trivy, Checkmarx KICS, Checkmarx Jenkins AST, and a brief Bitwarden CLI compromise.
  • TeamPCP's modus operandi involves harvesting CI runner secrets and developer credentials, then pivoting to broader network access and ransomware deployment.

Why it matters

A second compromise of the same vendor within weeks signals that remediation was either insufficient or that the attacker maintained persistent access. For organizations using Checkmarx tooling in AI/ML CI pipelines — particularly the Jenkins AST plugin for SAST scanning — any malicious plugin version could exfiltrate build secrets, source code, and API credentials that protect AI model serving infrastructure.

What to do

  • If you use the Checkmarx Jenkins AST plugin, verify your installed version matches the clean release and rotate all CI secrets immediately.
  • Assume any secrets exposed between the March incident and this re-compromise are compromised — rotate API keys, tokens, and credentials used in AI/ML pipelines.
  • Review your incident response playbooks: re-compromise of a previously breached vendor requires deeper forensic analysis than a fresh compromise (search for retained footholds, backdoor accounts, and persistence mechanisms).
  • Monitor for TeamPCP IOCs across your CI/CD infrastructure, particularly npm, PyPI, Jenkins, and Docker registries.
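The version check in the first step, as an added example that is not part of the brief or of Checkmarx's own tooling: it classifies the installed plugin version reported by Jenkins' `/pluginManager/api/json?depth=1` endpoint against the two version strings quoted above. The plugin short name `checkmarx-ast-scanner` and the sample JSON are assumptions; confirm the short name against your own plugin listing.

```python
import json
import re

# Version strings quoted in the Checkmarx advisory.
LAST_KNOWN_GOOD = "2.0.13-829.vc72453fa_1c16"   # this build or older: published before the compromise
CLEAN_REPLACEMENT = "2.0.13-848.v76e89de8a_053"  # clean replacement release
# Assumed plugin short name; verify it against your own /pluginManager listing.
PLUGIN_SHORT_NAME = "checkmarx-ast-scanner"

# Jenkins CD-style versions look like "<base>-<build>.v<hash>", e.g. 2.0.13-829.vc72453fa_1c16
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)\.v([0-9a-f_]+)$")

def parse_version(version):
    """Split 'base-build.vhash' into (base tuple, build number, hash); ValueError if not CD-style."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version format: {version}")
    base = tuple(int(p) for p in m.group(1).split("."))
    return base, int(m.group(2)), m.group(3)

def assess_version(version):
    """Classify an installed version: clean, pre-incident, suspect, or unrecognised.

    Only the exact clean release string is accepted as clean; any build newer than the
    last known good one that is not that string is flagged so a human checks it."""
    if version == CLEAN_REPLACEMENT:
        return "clean"
    try:
        base, build, _ = parse_version(version)
    except ValueError:
        return "unrecognised"
    good_base, good_build, _ = parse_version(LAST_KNOWN_GOOD)
    if (base, build) <= (good_base, good_build):
        return "pre-incident"
    return "suspect"

def check_plugins(plugin_manager_json):
    """Return {shortName: verdict} for the Checkmarx plugin in pluginManager JSON output."""
    data = json.loads(plugin_manager_json)
    return {p["shortName"]: assess_version(p["version"])
            for p in data.get("plugins", [])
            if p.get("shortName") == PLUGIN_SHORT_NAME}

# Constructed sample of the pluginManager response, with a build between 829 and 848.
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.7.0"},
    {"shortName": PLUGIN_SHORT_NAME, "version": "2.0.13-840.vdeadbeef_0001"},
]})
```

Any "suspect" or "unrecognised" verdict should be followed by the secret rotation described in the next step, not just a plugin downgrade.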

Sources