TeamPCP Interview Reveals Motives: Anti-Establishment, Not Ideological
Cyber News - Erez Dasa published an exclusive interview with ‘T,’ a representative of the TeamPCP hacking group, shedding light on their seemingly contradictory targeting strategy. TeamPCP, known for breaching Israeli companies like Aqua (Trivy) and Checkmarx, also deployed a wiper named ‘Kamikaze’ against Iranian targets. ‘T’ clarified that their actions are driven by a broad anti-establishment stance, viewing both the Iranian regime and the Israeli government as ‘evil’ for different reasons.
‘T’ stated that the wiper against Iran was ‘more for fun,’ and that they don’t negotiate with what they perceive as evil. This perspective explains their opportunistic targeting, focusing on entities they believe misuse power. The group’s operational model prioritizes speed and profit over traditional ransomware encryption, preferring data exfiltration and rapid sale of access. They claim to have impacted ‘tens of thousands of companies,’ with ‘millions’ of developer accounts compromised.
TeamPCP actively collaborates with other groups, including LAPSUS$ and Breached, to create an ‘ecosystem’ for quicker data monetization and access transfer. ‘T’ emphasized that while much of their activity is internal, the public-facing results, such as their recent sale of 4,000 GitHub repository source codes for $50,000 (with a top offer of $95,000 at the time of the interview, according to Erez Dasa), are often just the ‘quick breaches.’ Their shift from encryption to pure data theft was driven by efficiency and the realization that comparable payments could be secured with less business disruption.
What This Means For You
- If your organization's data, particularly source code or developer credentials, is exposed to the internet, assume it is already compromised and will be sold for profit. TeamPCP's model skips the encryption step of traditional ransomware in favor of exfiltration and resale, so there is no ransom note or mass-encryption event to trigger detection. Prioritize securing supply-chain access and developer environments, and continuously audit for leaked credentials. Revoke and rotate credentials aggressively, especially those guarding high-value targets. This group isn't about ideology; it's about monetizing any weakness, fast.
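As an added illustration of the "audit for leaked credentials" advice (this is example code written for this page, not tooling from the article or from any group it names), the scanner below runs a few credential-format checks over a constructed sample `.env` file and reports redacted findings with line numbers. The GitHub `ghp_` and AWS `AKIA` prefixes are real token formats; the generic key/value rule and the placeholder-skipping logic are heuristics chosen here, and the sample content is invented.

```python
import re
from dataclasses import dataclass

# Well-known token formats: GitHub classic PATs are "ghp_" plus 36 characters,
# AWS access key IDs are "AKIA" plus 16 uppercase alphanumerics.
SPECIFIC_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Heuristic (assumption, not a standard): a secret-looking key name followed by
# "=" or ":" and a value of at least 8 non-space, non-quote characters.
GENERIC_PATTERN = re.compile(
    r"(?i)(api[_-]?key|secret|token|passw(?:or)?d)[A-Za-z0-9_]*\s*[:=]\s*['\"]?([^\s'\"]{8,})"
)


@dataclass
class Finding:
    line_no: int      # 1-based line number in the scanned text
    kind: str         # which rule fired
    redacted: str     # first 4 chars plus length, never the full value


def redact(value: str) -> str:
    """Keep only a short prefix so reports can be shared without re-leaking the secret."""
    return f"{value[:4]}...({len(value)} chars)"


def is_placeholder(value: str) -> bool:
    """Skip values that are obviously references, e.g. ${SECRET_KEY} in a template."""
    return value.startswith("${")


def scan_text(text: str) -> list[Finding]:
    """Scan text line by line; specific token formats win over the generic rule."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched_specific = False
        for kind, pattern in SPECIFIC_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, redact(match.group(0))))
                matched_specific = True
        if matched_specific:
            continue  # avoid double-reporting the same line under the generic rule
        generic = GENERIC_PATTERN.search(line)
        if generic and not is_placeholder(generic.group(2)):
            findings.append(Finding(line_no, "generic_secret", redact(generic.group(2))))
    return findings


# Constructed sample input; none of these are real credentials.
SAMPLE_ENV = """\
# constructed sample .env file for demonstration
DB_HOST=db.internal.example
DB_PASSWORD="s3cr3t-pa55w0rd"
token_type = "bearer"
SECRET_KEY=${SECRET_KEY}
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_ENV):
        print(f"line {finding.line_no}: {finding.kind} -> {finding.redacted}")
```

Run against a real repository you would walk the tree and feed each file to `scan_text`; every hit should be treated as a rotation task (revoke, reissue, then purge from history), not merely a lint warning, since the value may already have been copied out.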