
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud
Hello and welcome to the Wednesday, April 1, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from Orlando, Florida, and this episode is brought to you by the SANS.edu Bachelor's Degree program in Applied Cybersecurity.

An interesting diary today by Xavier showing how simple it can be to bypass some more advanced next-generation firewall features like, for example, Palo Alto's application control. What Xavier did here is essentially just set up a simple netcat tunnel. Now, the promise of application control is that it recognizes what application protocol is used in a certain connection and is then able to shut down connections on odd ports that don't look like they are supporting a particular application protocol, or an application that is atypical for the particular port being used. Now, the problem here is that it takes these next-generation firewalls a little while to figure out what application is running before it is being shut down. And what Xavier found with Palo Alto in particular is that it takes 5,000 bytes in order to figure out what application is running. So you're able to exfiltrate up to 5,000 bytes. Well, Xavier turned it into a little sort of wrapper around netcat to then be able to even exfiltrate larger files. All it takes is that you're cutting them into 5,000-byte chunks, and everything is working just fine. So fairly simple, and, well, kind of an interesting artifact here of this particular application control algorithm. Then there is still, of course, a chance to detect it if you're looking for connections that have just about that size, or if you're just looking for a large number of connections on odd ports. But this is not sort of what is then done via these application control features in your firewall.

And yes, it looks like supply chain compromises are only getting worse. Yesterday the very popular NPM package Axios was compromised. This package does implement an HTTP client. Anything sort of connecting to HTTP may be using Axios in order to connect to APIs and similar resources. The compromise originated with the administrators for the Axios GitHub repository getting compromised. It's not really clear how this happened yet, but given that TeamPCP recently did collect so many developer credentials, it's possible that this is one of the credentials they caught. Now, the follow-up, the compromise here, doesn't look like TeamPCP. The techniques look a little bit different, but of course TeamPCP also started to sell off some of the credentials that they collected and will act as sort of an initial access broker. The compromise did not change the Axios code itself. Instead, it added an additional component, plain crypto js. This particular module was not actually used in the code, but by being listed as a dependency, it's still being installed during the install. The usual post-install script is being called. That post-install script, well, contains the malicious code. This malicious code will, depending on the operating system, install different remote access tools. They have different tools listed for macOS, for Windows, as well as for Linux. Yes, it could have been worse. The compromise was detected relatively quickly. It lasted about three hours. But you want to make sure that you don't have this malicious version installed. Also, they added a new version. They did not alter any of the existing versions, which is sort of one of the typical things that TeamPCP does. StepSecurity, who documented a lot of these issues early on, has put together a nice timeline, also put together an analysis of the Remote Access Trojan, and did also publish some of the indicators of compromise that you can use to detect whether or not your system was affected. But remember, some of the files that are being installed here are being uninstalled and removed after the Remote Access Trojan is installed, so that makes the cleanup here slightly more difficult. But there are still enough artifacts that you can use, according to the StepSecurity blog. SANS also published a live stream today with Josh Wright and Rich Green, who go over some of the details that were known at the time about this compromise. Still a little bit of a developing story, but I think, you know, what I said last week with TeamPCP, we just have seen sort of the tip of the iceberg here. Well, we slowly sort of get a little bit further down the iceberg. Still, get your supply chain under control. Be careful over the next couple of weeks what you're installing. I'm sure we'll see more in the next few days.

Talking about TeamPCP and what they're up to: Wiz published a blog post that they are seeing many of the credentials that were apparently stolen as part of the Trivy round of exploits being used now to compromise cloud environments. So they're stating that TeamPCP is shifting focus here a little bit and going after these cloud environments, again focusing on data, in particular secrets exfiltration.

Well, and this is it for today. So thanks for listening, thanks for liking, thanks for subscribing. There is a chance that there will be no podcast for Thursday because Wednesday evening I have sort of a little timing conflict here. We'll see if I find the time to record or not, but otherwise don't be surprised if there is no podcast on Thursday. Thanks, and talk to you again tomorrow or the day after tomorrow.
Application Control Bypass, Axios NPM Module Compromise, TeamPCP vs Cloud
In this episode, host Johannes B. Ullrich delivers a concise and insightful update on three critical cybersecurity topics: a method for bypassing modern application control in firewalls, a recent supply chain compromise affecting the popular Axios NPM module, and the ongoing malicious actions of hacker group TeamPCP, particularly their recent attacks targeting cloud environments. The tone is informative and practical, with actionable details and up-to-date analysis.
On Application Control Bypass:
"What Xavier found with Palo Alto in particular, that it takes 5,000 bytes in order to figure out what application is running. So you're able to exfiltrate up to 5,000 bytes." (Johannes, 01:00)
On the Axios Compromise:
"The compromise originated with the compromise of the administrators for the Axios GitHub repository getting compromised." (Johannes, 02:15)
On TeamPCP’s Ongoing Threat:
"I think you know what I said last week with TeamPCP, we just have seen sort of the tip of the iceberg here." (Johannes, 04:32)
On Cloud Attack Trends:
"They are seeing many of the credentials that were apparently stolen... being used now to compromise cloud environments... focusing on data, in particular, secrets, exfiltration." (Johannes, 05:08)
This episode provides an essential daily briefing on emerging threats, stressing vigilance in the face of swift, sophisticated attacks—whether through network trickery, software supply chains, or cloud credential theft.