The Impact of the Trivy Supply Chain Attack: Second Stage Exploitation

April 3, 2026

What Happened

Credentials stolen in the Trivy compromise are actively being used to gain unauthorized access to enterprise app platforms including Slack and Microsoft. The supply chain risk continues to compound, as Obsidian Security has directly observed these stolen tokens, secrets, and API keys being weaponized in live environments.

How Did the Attack Work?

Attackers used TruffleHog, a legitimate open-source tool, to validate stolen credentials and extract additional secrets from connected services. By making live API calls directly to cloud and SaaS providers, TruffleHog lets attackers sort thousands of stolen secrets into "live" versus "rotated" in a single pass. Validation activity began just hours after the initial Trivy malware was deployed; it was first observed on March 19 and continued through April 2nd, with TruffleHog's user agent visible in AWS CloudTrail logs.

Who is the Threat Group Behind It?

The original Trivy supply chain attack has been attributed to TeamPCP (also tracked as DeadCatx3, PCPcat, ShellForce, and CipherForce). The SaaS-layer exploitation Obsidian has observed represents a second stage of that same campaign, with TeamPCP using TruffleHog to extend access from stolen CI/CD credentials.

Why It Matters

In the Trivy compromise, stolen machine credentials were exploited within hours and used to move laterally across enterprise environments before most organizations had even scoped their exposure. Moreover, many affected organizations were software companies with their own downstream integrations, meaning a single compromised credential can propagate silently across the entire SaaS supply chain. Security has historically been built around defending humans, but attackers are increasingly targeting machine identities: the OAuth tokens, API keys, service accounts, and AI workflows that connect enterprise app platforms to each other. As Obsidian demonstrated in the Salesloft and Gainsight incidents, these compromises create an outsized blast radius and are significantly more difficult for response teams to investigate and remediate.

New IOCs and Defense Strategies

Short-Term Strategies:

  • Determine your exposure to the Trivy compromise by auditing pipelines, CI/CD environments, and developer tooling for affected Trivy versions.
  • Rotate all credentials that may have been exposed.
  • Review cloud audit logs for TruffleHog user agent strings.
  • Monitor enterprise app integrations for anomalous behavior, such as access from infrastructure outside the integration’s established baseline.

New IOCs Identified by Obsidian:

We recommend treating these signals as one input in a broader detection strategy, rather than a definitive indicator on their own. 

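| Type       | Value                 | Note                                              |
|------------|-----------------------|---------------------------------------------------|
| User Agent | Contains ‘TruffleHog’ |                                                   |
| IP Address | 185.77.218.4          | Mullvad VPN, active March 26, 2026 - April 2, 2026 |
| IP Address | 34.205.27.48          | AWS EC2                                           |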
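
One way to run the audit-log review against these indicators, as an added example that is not Obsidian's tooling: it reads a CloudTrail log file, flags events that match the user agent or IP indicators, and groups them by access key so responders can see which credentials to rotate first. The sample records, access key IDs and the 203.0.113.10 address are constructed for illustration; the function name `hunt` is hypothetical.

```python
import json
from collections import defaultdict

UA_MARKER = "trufflehog"                      # user-agent IOC from the table above
IOC_IPS = {"185.77.218.4", "34.205.27.48"}    # IP IOCs from the table above

# Constructed sample in CloudTrail log-file layout (top-level "Records").
# Access key IDs and the 203.0.113.10 address are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2026-03-19T14:02:11Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "34.205.27.48", "userAgent": "TruffleHog",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECIKEY0001"}},
    {"eventTime": "2026-03-27T09:40:00Z", "eventName": "ListBuckets",
     "sourceIPAddress": "185.77.218.4", "userAgent": "aws-cli/2.15.0",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECIKEY0001"}},
    {"eventTime": "2026-03-20T08:00:00Z", "eventName": "ListUsers",
     "sourceIPAddress": "203.0.113.10", "userAgent": "trufflehog", "errorCode": "AccessDenied",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEOLDKEY002"}},
    {"eventTime": "2026-03-21T10:00:00Z", "eventName": "PutObject",
     "sourceIPAddress": "203.0.113.10", "userAgent": "aws-sdk-go/1.50.0",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECIKEY0001"}},
]})


def hunt(log_text):
    """Group IOC-matching CloudTrail events by the access key that made them."""
    hits = defaultdict(lambda: {"reasons": set(), "events": [], "succeeded": False})
    for rec in json.loads(log_text).get("Records", []):
        reasons = set()
        if UA_MARKER in (rec.get("userAgent") or "").lower():
            reasons.add("user_agent")
        if rec.get("sourceIPAddress") in IOC_IPS:
            reasons.add("ioc_ip")
        if not reasons:
            continue
        # Some events carry no access key; keep them visible under a placeholder.
        key = (rec.get("userIdentity") or {}).get("accessKeyId", "<no-access-key>")
        entry = hits[key]
        entry["reasons"] |= reasons
        entry["events"].append((rec.get("eventTime", ""), rec.get("eventName")))
        # No errorCode means the call succeeded with this key.
        entry["succeeded"] |= "errorCode" not in rec
    for entry in hits.values():
        entry["events"].sort()  # ISO 8601 timestamps sort chronologically
    return dict(hits)


if __name__ == "__main__":
    print(json.dumps(hunt(SAMPLE_LOG), default=sorted, indent=2))
```

A key that matches on more than one indicator, or that shows a successful call, is a stronger lead than a single user agent hit, in keeping with the advice above to treat each signal as one input.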

Long-Term Strategies: 

  • Treat non-human identities with the same rigor as human identities, e.g., by establishing inventories, enforcing least-privilege access, requiring IP restriction where possible, and rotating and expiring credentials regularly.
  • Implement layered threat detection and response to identify anomalous integration behavior (e.g., accessing unfamiliar data, authenticating from new infrastructure, or operating outside their established baseline).

Where Obsidian Can Help

Most security tools were built to govern human logins, stopping at the edge with no model for the machine-to-machine connections that now represent the increasingly exploited layer of the enterprise app stack.

The Obsidian Knowledge Graph continuously maps every identity, token, OAuth scope, and integration across your enterprise app environment, not as a point-in-time snapshot, but as a living model that tracks how access and behavior change over time. Obsidian can see what a compromised credential has access to, how it normally behaves, and the moment it doesn't, including downstream into the supply chain connections that turn a single breach into a cascade.

When an integration is implicated in an incident, Obsidian delivers immediate impact clarity — affected tenants, attack paths, and suspicious activity tied directly to your environment — so teams can contain exposure and respond with confidence, rather than waiting on vendor disclosures that arrive too late.

Conclusion

The broader lesson isn't specific to Trivy. As enterprises become more interconnected through integrations, automation, and AI agents, the machine-to-machine layer becomes an increasingly attractive and underdefended attack surface. The organizations that weather these incidents will be the ones that have visibility into that layer before an attacker does.