Handala Threat Group
An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.
The TeamPCP supply chain compromise has recently emerged as a highly impactful campaign targeting widely used open-source ecosystems, specifically abusing trust in package repositories such as npm and PyPI. This activity has been linked to compromises involving popular developer tooling and libraries, including Trivy, LiteLLM, and Checkmarx KICS, where malicious code was introduced into legitimate packages and distributed downstream to unsuspecting users. Researchers observed that TeamPCP leveraged these trusted packages to execute malicious payloads during installation or runtime, effectively turning legitimate software into a delivery mechanism for credential theft and environment compromise. It is worthy to note that the compromise of LiteLLM in PyPI and Trivy-related npm packages significantly increased the potential blast radius due to their widespread adoption across cloud-native, DevOps, and AI-driven environments
Verity471 References:
Get your FREE Community Account today on the HUNTER Platform and get access to behavioral threat hunting content for your SIEM, EDR, NDR, and XDR platforms!
Captures the execution of high-entropy, encoded payloads (e.g., Base64) within Python command lines to identify fileless malware, obfuscated scripts, and evasion techniques like homoglyph bypasses.
This hunt aims to surface cases where a node process invokes systemctl --user, which can indicate the creation or management of user-level systemd services for persistence. Attackers have abused this technique in supply chain attacks, such as CanisterWorm, to install backdoors that automatically restart and blend in with legitimate services by using trusted-sounding names like pgmon.
This hunt package identifies instances where the 'chmod' command is used to modify file permissions, specifically focusing on changes that grant executable rights. By correlating these events with user contexts and known file paths, the package aims to highlight potentially malicious activities, such as the preparation of a system for exploitation or the setup of persistence mechanisms by unauthorized users.
This hunt package identifies retrieval of the npm registry authentication token using "npm config get", which may indicate credential access or token harvesting activity.
This Threat Hunt package identifies suspicious Python executions originating from non-standard directories, such as hidden or unconventional locations signaling potential malware infection.
An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.
CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.
DevMan Ransomware is a newly emerging ransomware operation observed in 2025 that has been assessed as a derivative of the DragonForce ransomware family.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.
Facts Only
Handala is an Iranian-aligned threat group conducting cyber operations against Israel and Western countries.
The TeamPCP supply chain compromise targets open-source ecosystems, specifically npm and PyPI repositories.
Malicious code was introduced into legitimate packages, including Trivy, LiteLLM, and Checkmarx KICS.
Compromised packages were distributed to users, enabling credential theft and system compromise.
The attack leverages trusted software to execute malicious payloads during installation or runtime.
LiteLLM and Trivy-related packages have widespread adoption in cloud-native, DevOps, and AI environments.
Threat-hunting techniques include detecting high-entropy Python payloads, systemd service abuse, and unauthorized file permission changes.
Retrieval of npm registry authentication tokens may indicate credential harvesting.
CrazyHunter is a ransomware campaign targeting healthcare organizations.
DevMan Ransomware is a new variant observed in 2025, linked to the DragonForce ransomware family.
Executive Summary
An Iranian-aligned threat group, Handala, is conducting cyber operations targeting organizations in Israel and Western countries, focusing on both destructive attacks and espionage. A recent campaign, the TeamPCP supply chain compromise, has exploited trust in open-source package repositories like npm and PyPI, injecting malicious code into widely used developer tools such as Trivy, LiteLLM, and Checkmarx KICS. These compromised packages were then distributed to unsuspecting users, enabling credential theft and system compromise. The attack leveraged legitimate software as a delivery mechanism, with malicious payloads executing during installation or runtime. The scale of the threat is amplified by the widespread adoption of these tools in cloud-native, DevOps, and AI-driven environments.
Additionally, the article highlights various threat-hunting techniques to detect malicious activities, such as the execution of obfuscated Python payloads, abuse of systemd services for persistence, unauthorized file permission changes, and credential harvesting via npm tokens. Other notable threats include CrazyHunter, a ransomware campaign targeting healthcare, and DevMan Ransomware, a new variant linked to the DragonForce ransomware family. The information underscores the evolving tactics of cyber threat actors and the importance of proactive threat detection in mitigating risks.
Full Take
The narrative presents a clear and present danger from state-aligned cyber threat actors, particularly Handala, leveraging supply chain attacks to compromise widely used open-source tools. The strongest version of this narrative highlights the sophistication of these attacks, where legitimate software is weaponized to distribute malware, evade detection, and establish persistence. The focus on open-source ecosystems underscores a critical vulnerability in modern software development, where trust in package repositories can be exploited at scale.
Pattern scan: The article employs a degree of urgency and technical detail to emphasize the severity of the threats, which could be interpreted as a form of fear appeal (ARC-0012). However, the content remains largely factual, with specific examples of compromised tools and threat-hunting techniques. The inclusion of multiple threat actors (Handala, CrazyHunter, DevMan) may serve to broaden the perceived scope of the problem, though this is supported by the provided details.
Root cause: The underlying paradigm here is the growing reliance on open-source software and the inherent risks of supply chain attacks. The assumption is that these ecosystems are inherently vulnerable due to their distributed and collaborative nature, making them prime targets for state-sponsored actors. This echoes historical patterns of cyber espionage, where adversaries exploit trusted infrastructure to achieve strategic objectives.
Implications: The second-order consequences include eroded trust in open-source software, increased costs for security monitoring, and potential disruptions in critical sectors like healthcare. The human agency dimension is significant—developers and organizations must now navigate a landscape where even legitimate tools can be weaponized.
Bridge questions: How can open-source ecosystems better defend against supply chain attacks without stifling innovation? What role should governments play in securing critical software infrastructure? Would a decentralized or more rigorous vetting process for package repositories mitigate these risks?
Counterstrike scan: If this were part of a coordinated influence campaign, the playbook might involve amplifying fear around open-source vulnerabilities to push for centralized control or proprietary alternatives. However, the content does not align with this pattern—it provides actionable threat intelligence without advocating for specific policy changes or commercial solutions. The focus remains on awareness and detection, which is consistent with legitimate cybersecurity reporting.
Sentinel — Human
The text blends high-level threat reporting with highly specific threat hunting objectives, suggesting it is likely compiled from human-generated security intelligence rather than pure, synthetic generation.