Hacker Groups Claim Credit for Same Supply Chain Attacks, Creating Confusion
Multiple hacker groups are taking credit for the same TeamPCP supply chain attacks as organizations disclose breaches, making it unclear who was actually responsible.
Published April 4, 2026
Something unusual is happening in the cybersecurity world that's creating confusion about who's behind recent attacks.
Organizations are disclosing data breaches from TeamPCP's supply chain attacks. But two other well-known hacker groups — ShinyHunters and Lapsus$ — are also taking credit for these same incidents.
This situation is making it unclear for enterprises to understand who was actually responsible for the attacks they're dealing with.
Multiple Groups, Same Claims
Supply chain attacks target software vendors or service providers to gain access to all their customers at once. In this case, while breaches are being attributed to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are separately claiming they were behind the same incidents.
When multiple criminal groups take credit for the same attacks, it creates a confusing situation for the organizations trying to understand what happened to their data and systems.
The competing claims from different hacker groups make it difficult for affected enterprises to know which group actually carried out the attacks or has access to their compromised information.
Ready to find the right cybersecurity tools?
Tell us about your setup and we'll match you to the right protection for your business. Free, unbiased.
Find my security solution