Executive Summary
This report analyzes the compromise of the Checkmarx Jenkins AST plugin by the TeamPCP threat group, confirmed by Checkmarx on May 11, 2026. The incident is the latest in a series of supply-chain attacks on Checkmarx developer tools, following the KICS analysis tool and the Trivy vulnerability scanner. The attackers reused credentials stolen during the Trivy supply-chain breach in March 2026 to access Checkmarx’s GitHub repositories and, from there, published a rogue version of the Jenkins AST plugin containing credential-stealing malware to the official Jenkins plugin repository (repo.jenkins-ci.org). The malicious build, version 2026.5.09, was produced outside the official release pipeline: its version number does not match Checkmarx’s normal scheme, and it has no corresponding git tag or GitHub release. Checkmarx has advised anyone who installed it to assume their credentials are compromised, rotate all secrets, and investigate for follow-on activity; the company has published indicators of compromise (IoCs) and continues to post updates through its support channels. There is currently no evidence that customer production environments or data were directly affected, as Checkmarx’s GitHub repositories are isolated from customer systems. This report draws on reporting from BleepingComputer and the other sources listed under References, together with Checkmarx’s own statements.
Technical Information
The TeamPCP compromise of the Checkmarx Jenkins AST plugin is a supply-chain attack on the software development lifecycle whose root cause is credential reuse rather than a novel exploit. The attack began with the theft of credentials during the Trivy vulnerability scanner breach in March 2026. Those credentials were still valid two months later and gave the attackers access to Checkmarx’s GitHub repositories, which hold the source code and release artifacts for several of its developer tools.
Once inside, TeamPCP retained access for at least a month, as the timeline of malicious releases shows. On May 9, 2026, the attackers published a rogue version of the Jenkins AST plugin (2026.5.09) to the official Jenkins plugin repository, repo.jenkins-ci.org. The build was not produced by the official release pipeline: it has no corresponding git tag and no GitHub release, both of which accompany legitimate Checkmarx releases. Those two missing artifacts are the simplest authenticity check a consumer can perform on a plugin version.
The malicious plugin contains credential-stealing malware, an infostealer. Checkmarx has not published the malware’s internals, but both the company and independent researchers advise treating any system that ran the compromised plugin as subject to credential theft. Based on the published guidance, the infostealer is believed to harvest authentication tokens, API keys and other secrets from the build environment. Because a Jenkins plugin executes inside the controller process, that potentially includes anything the controller itself can read: the Jenkins credentials store, environment variables and files under the Jenkins home directory, and secrets injected into jobs at build time. Material of this kind supports lateral movement and exfiltration well beyond the CI server.
Mapped to MITRE ATT&CK, the intrusion used Valid Accounts (T1078) for the stolen GitHub credentials and Supply Chain Compromise (T1195, specifically T1195.002, Compromise Software Supply Chain) for shipping malicious code as a legitimate plugin update. For the credential harvesting itself, Unsecured Credentials (T1552) is the closer fit than Input Capture (T1056): the infostealer reads tokens and keys already stored on the build host rather than capturing keystrokes or prompts. Publishing outside the release pipeline is not itself a catalogued technique, and T1562 (Impair Defenses) does not apply because no defensive control was disabled; the effect was simply that the usual release signals (a tag and a GitHub release) were absent, which made the rogue build harder to notice for anyone relying on them.
Beyond the Jenkins plugin, TeamPCP published modified builds of other Checkmarx developer tools carrying similar info-stealing code, including the KICS analysis tool as distributed through Docker, Open VSX and VS Code extension channels. Hitting several widely used DevSecOps tools through whatever publishing channel each one uses shows a deliberate strategy of compromising the software supply chain at multiple points.
The attackers left a message in the plugin’s about section, stating: "Checkmarx fails to rotate secrets again. With love - TeamPCP." This message, combined with the technical evidence of credential reuse and the sequence of related incidents, provides high-confidence attribution to TeamPCP.
Checkmarx has stated that its GitHub repositories are isolated from customer production environments and hold no customer data. That isolation limits the exposure of Checkmarx’s own service; it does nothing for organizations that installed the rogue plugin, whose risk is significant because the infostealer can seed follow-on attacks against internal systems, CI/CD pipelines, and every service integrated with Jenkins.
Affected Versions & Timeline
The affected product is the Checkmarx Jenkins AST plugin. The malicious version is 2026.5.09, uploaded to repo.jenkins-ci.org on May 9, 2026. Its date-style version number does not follow the scheme Checkmarx uses for official releases (compare the legitimate 2.0.13-829.vc72453fa_1c16), and it has no git tag and no GitHub release.
Checkmarx advises staying on version 2.0.13-829.vc72453fa_1c16, published on December 17, 2025, or an earlier release, and treating any installation of 2026.5.09 as compromised. Do not update the plugin until Checkmarx publishes a clean release through its normal pipeline.
The sequence of related events: in March 2026, TeamPCP compromised the Trivy vulnerability scanner and stole the credentials later used against Checkmarx’s GitHub repositories. In April 2026, the group published malicious versions of the KICS analysis tool through Docker, Open VSX and VS Code extension channels. In late April, the LAPSUS$ group leaked data from a private Checkmarx GitHub repository; this is treated as a separate incident. On May 9, 2026, the rogue Jenkins AST plugin was published, the third major supply-chain compromise of Checkmarx developer tools in roughly six weeks.
Threat Activity
TeamPCP is a threat group specializing in supply-chain attacks against software development and DevSecOps environments. Their tactics involve stealing credentials from one compromised tool or environment and using them to access and backdoor other developer tools. In this campaign, TeamPCP leveraged credentials stolen during the Trivy attack to access Checkmarx’s GitHub repositories and publish malicious artifacts.
The group’s activities are characterized by the insertion of info-stealing malware into widely used developer tools, including the Jenkins AST plugin, KICS analysis tool, and others. The malware is designed to harvest credentials and other sensitive information from developer environments, enabling further compromise of CI/CD pipelines, source code repositories, and potentially production systems.
TeamPCP’s operations are notable for persistence: the group held access to Checkmarx’s repositories for at least a month before detection. The technical bar, by contrast, was low. No vulnerability in Jenkins or in the plugin was exploited; valid credentials stolen in March were enough to publish to the repository in May, and the absence of a tag or GitHub release did not stop the artifact from reaching users. The group’s strength lies in chaining compromises across the supply chain, not in novel tooling.
The impact of these attacks is significant, as compromised credentials can be used for lateral movement within victim organizations, further supply-chain attacks, and exfiltration of sensitive code or secrets. The targeting of tools like Jenkins, Docker, and VSCode indicates a focus on environments where automated builds, testing, and deployments are common, increasing the potential scale and impact of the compromise.
Mitigation & Workarounds
Organizations that have installed the malicious version 2026.5.09 of the Checkmarx Jenkins AST plugin should immediately assume that every credential and secret reachable from the affected controller is compromised. The most critical actions are: rotate all credentials and secrets used in the affected environment, including API keys, authentication tokens and passwords, with particular attention to the Jenkins credentials store, any Checkmarx AST credentials configured for the plugin itself, and tokens for source control, cloud accounts and artifact registries that jobs on that controller used; investigate for lateral movement or persistence, such as unauthorized access to other repositories, CI/CD pipelines or infrastructure using the rotated credentials; and scan developer environments for the indicators of compromise (IoCs) Checkmarx has published. Rotation should be verified after the fact, since the attackers’ own message indicates that unrotated secrets are what enabled this intrusion.
It is also recommended to review all recent plugin and tool installations for authenticity, ensuring that only officially released and signed versions are in use. Two checks would have caught this case: confirm that each installed version corresponds to a tagged release with a GitHub release entry in the vendor’s repository, and confirm that its version string follows the vendor’s established scheme; a version in an unfamiliar format is a reason to pause, not to install. Organizations should also strengthen monitoring of CI/CD pipelines and developer workstations for unusual activity, such as unexpected outbound connections from the controller or abnormal credential access patterns.
For ongoing protection, organizations should implement strict credential management practices, including prompt rotation of any secret known or suspected to be exposed, regular scheduled rotation, least-privilege scoping of publishing credentials, and monitoring for unauthorized use. Supply-chain security controls, such as verifying the integrity and authenticity of all third-party software and plugins before deployment, are essential to reduce the risk of similar attacks.
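As an added example (not Checkmarx, Jenkins or Rescana code), the following Python script performs that review across a fleet of Jenkins controllers. It assumes the plugin’s Jenkins short name is checkmarx-ast-scanner (the page does not state the plugin ID) and reads each controller’s plugin inventory from Jenkins’ standard /pluginManager/api/json?depth=1 endpoint; the JSON responses embedded below are constructed samples, not real data. It flags the malicious version, accepts the version Checkmarx vouched for or any earlier release, and marks everything else for manual review, including version strings that do not match the incrementals scheme official releases use. A manifest parser is included for controllers where the API is unreachable and the version must be read from the plugin directory on disk.

```python
"""Audit Jenkins controllers for the rogue Checkmarx AST plugin build.

Added illustration; not code from Checkmarx, Jenkins or Rescana.
ASSUMPTION: the plugin's Jenkins short name is "checkmarx-ast-scanner".
"""
import json
import re

MALICIOUS_VERSION = "2026.5.09"                   # rogue build named in the advisory
LAST_GOOD_VERSION = "2.0.13-829.vc72453fa_1c16"   # version Checkmarx advised (or earlier)
PLUGIN_SHORT_NAME = "checkmarx-ast-scanner"        # ASSUMPTION: plugin ID not given on the page

# Jenkins incrementals scheme used by the official releases:
# <major>.<minor>.<patch>-<build>.v<git commit fragment>
OFFICIAL_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)\.v[0-9a-f_]+$")


def version_key(version):
    """Sortable (major, minor, patch, build) tuple, or None when the string
    does not follow the official scheme (the rogue 2026.5.09 does not)."""
    m = OFFICIAL_VERSION_RE.match(version)
    return tuple(int(g) for g in m.groups()) if m else None


def classify_version(version):
    """Return 'malicious', 'known-good', or 'unexpected' (review before trusting)."""
    if version == MALICIOUS_VERSION:
        return "malicious"
    key = version_key(version)
    if key is None:
        return "unexpected"          # not produced by the normal release pipeline
    if key <= version_key(LAST_GOOD_VERSION):
        return "known-good"
    return "unexpected"              # newer than the version Checkmarx vouched for


def plugin_version_from_api(api_json):
    """Installed version from /pluginManager/api/json?depth=1, or None if absent."""
    for plugin in json.loads(api_json).get("plugins", []):
        if plugin.get("shortName") == PLUGIN_SHORT_NAME:
            return plugin.get("version")
    return None


def plugin_version_from_manifest(manifest_text):
    """Installed version from $JENKINS_HOME/plugins/<name>/META-INF/MANIFEST.MF.
    Manifest lines wrap at 72 bytes; continuation lines begin with a space."""
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    headers = {}
    for line in unfolded.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
    if headers.get("Short-Name") != PLUGIN_SHORT_NAME:
        return None
    return headers.get("Plugin-Version")


def audit(controllers):
    """controllers: {hostname: api_json}. Returns {hostname: status}."""
    results = {}
    for host, api_json in controllers.items():
        version = plugin_version_from_api(api_json)
        results[host] = "not-installed" if version is None else classify_version(version)
    return results


# Constructed sample responses for three hypothetical controllers (not real data).
SAMPLE_CONTROLLERS = {
    "ci-1.example.internal": json.dumps({"plugins": [
        {"shortName": "git", "version": "5.7.0"},
        {"shortName": PLUGIN_SHORT_NAME, "version": "2026.5.09"}]}),
    "ci-2.example.internal": json.dumps({"plugins": [
        {"shortName": PLUGIN_SHORT_NAME, "version": LAST_GOOD_VERSION}]}),
    "ci-3.example.internal": json.dumps({"plugins": [
        {"shortName": "git", "version": "5.7.0"}]}),
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_CONTROLLERS).items():
        print(f"{host}: {status}")
```

In production, replace SAMPLE_CONTROLLERS with responses fetched over HTTPS using an API token (for example, curl -u user:token https://<controller>/pluginManager/api/json?depth=1), and treat a "malicious" or "unexpected" result as the trigger for the rotation and investigation steps above rather than as a finding to schedule for later.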
References
https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/
https://checkmarx.com/blog/ongoing-security-updates/
https://www.securityweek.com/checkmarx-jenkins-ast-plugin-compromised-in-supply-chain-attack/amp/
https://www.theregister.com/devops/2026/05/11/checkmarx-tackles-another-teampcp-intrusion-as-jenkins-plugin-sabotaged/5237780
About Rescana
Rescana provides a Third-Party Risk Management (TPRM) platform that enables organizations to continuously monitor and assess the security posture of their software supply chain and vendor ecosystem. Our platform supports the identification of compromised components, detection of anomalous activity in CI/CD pipelines, and management of remediation workflows. For questions regarding this incident or to discuss supply-chain risk management strategies, contact us at ops@rescana.com.