[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-teampcp-supply-chain-ai-poisoning-zh":3,"article-related-teampcp-supply-chain-ai-poisoning-zh":30,"series-research-faea762d-3f1d-446a-89af-d8278d8eb21f":71},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":11,"keywords":15,"key_takeaways":22,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":29},"faea762d-3f1d-446a-89af-d8278d8eb21f","teampcp-supply-chain-ai-poisoning-zh","TeamPCP 供应链投毒升級","\u003Cp data-speakable=\"summary\">安天CERT指出，TeamPCP正借AI把供应链投毒做成批量化、自动化攻击。\u003C\u002Fp>\u003Cp>安天CERT最新分析显示，TeamPCP正在把传统的供应链入侵，改写成更快、更广的批量投毒流程。攻击面从开源包一路延伸到CI\u002FCD流水线、开发者凭证和发布链路，形成连续渗透。\u003C\u002Fp>\u003Cp>这次被点名的行动横跨多个阶段，报告提到团队在8个月内完成多轮更新，并围绕Chalk\u002FDebug、Shai-Hulud、Megalodon、\u003Ca href=\"\u002Fnews\u002Fgoogle-home-speaker-preorder-gemini-first-zh\">Mini\u003C\u002Fa> Shai-Hulud持续调整手法。AI被放进作恶流程后，恶意代码迭代、伪装发布和溯源干扰都明显加速。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>攻击程序迭代周期\u003C\u002Ftd>\u003Ctd>8个月内完成多轮更新\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>重点行动\u003C\u002Ftd>\u003Ctd>Chalk\u002FDebug、Shai-Hulud、Megalodon、Mini Shai-Hulud\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>主力生成工具\u003C\u002Ftd>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude\" target=\"_blank\" rel=\"noopener\">Claude 3.5 Sonnet\u003C\u002Fa> + \u003Ca href=\"https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code CLI\u003C\u002Fa>\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>辅助模型\u003C\u002Ftd>\u003Ctd>GPT-4o、GPT-4 Turbo\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>可信标准击穿\u003C\u002Ftd>\u003Ctd>SLSA L3\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>发生了什么\u003C\u002Fh2>\u003Cp>报告把TeamPCP的打法概括为“广而快”的投毒模式，而不是过去那种长期潜伏、单点渗透的供应链攻击。攻击者不再只盯一个仓库或一个维护者，而是批量污染开源组件、劫持CI\u002FCD流程、窃取OIDC令牌，再把恶意负载塞进正常发布链路。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162173285-n712.png\" alt=\"TeamPCP 供应链投毒升級\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>AI在这里不是旁观工具，而是直接参与生成。报告称，\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002Fclaude\" target=\"_blank\" rel=\"noopener\">Claude\u003C\u002Fa> 3.5 Sonnet与\u003Ca href=\"https:\u002F\u002Fdocs.anthropic.com\u002Fen\u002Fdocs\u002Fclaude-code\" target=\"_blank\" rel=\"noopener\">Claude Code CLI\u003C\u002Fa>被用来产出脚手架、启动脚本和后门逻辑，\u003Ca href=\"https:\u002F\u002Fopenai.com\u002Findex\u002Fgpt-4o-and-gpt-4-turbo\u002F\" target=\"_blank\" rel=\"noopener\">GPT-4o\u003C\u002Fa>负责细化攻击逻辑和混淆代码，\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffeatures\u002Fcopilot\" target=\"_blank\" rel=\"noopener\">Copilot\u003C\u002Fa>则补全局部片段。对攻击者来说，这等于把原本需要手工拼接的链条，压缩成可重复调用的\u003Ca href=\"\u002Fnews\u002Frust-forum-checkins-turn-vague-work-into-plans-zh\">工作\u003C\u002Fa>流。\u003C\u002Fp>\u003Cp>报告还\u003Ca href=\"\u002Fnews\u002Fgithub-open-source-topic-52555-repos-zh\">列出\u003C\u002Fa>几项具体特征：8个月内多轮迭代，Mini Shai-Hulud中劫持TanStack官方CI\u002FCD并窃取OIDC令牌，恶意程序伪装成符合SLSA L3的可信发布产物，通信还被包装成OpenTelemetry遥测接口。换句话说，攻击不只是在“进来”，还在尽量让自己看起来像正常开发活动。\u003C\u002Fp>\u003Cul>\u003Cli>8个月内，TeamPCP完成多轮攻击迭代。\u003C\u002Fli>\u003Cli>Mini Shai-Hulud中，攻击者劫持TanStack官方CI\u002FCD并窃取OIDC令牌。\u003C\u002Fli>\u003Cli>恶意程序可伪装成符合SLSA L3的可信发布产物。\u003C\u002Fli>\u003Cli>通信还被伪装成OpenTelemetry遥测接口，降低识别难度。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>更麻烦的是溯源干扰。报告指出，TeamPCP会用多语种混杂注释、字符倒置加密和误导线索来抬高分析成本。AI在这里同样有用，因为它能快速生成不同版本的伪装文本，让攻击痕迹看起来更像“混乱的开发现场”，而不是刻意设计的入侵链。\u003C\u002Fp>\u003Ch2>为什么重要\u003C\u002Fh2>\u003Cp>对开发团队来说，防线已经不只在仓库权限和包管理器上。CI\u002FCD、云凭证、构建缓存、第三方Action和AI开发工具都可能成为入口，只要一个上游环节被攻陷，恶意代码就能借正常发布流程进入下游项目。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162175002-zwkn.png\" alt=\"TeamPCP 供应链投毒升級\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>这也解释了为什么供应链安全正在从“单点防护”转向“全链路验证”。SBOM、签名、来源证明和SLSA仍然重要，但TeamPCP案例说明，这些信任标记本身也可能被伪造。开发者接下来要看的，不只是有没有签名，而是签名、流水线、身份和产物之间是否真的一致。\u003C\u002Fp>\u003Cp>对产业来说，这类攻击会把安全成本往上推，因为防守方必须同时处理自动化投毒、AI辅助伪装和快速变种。过去靠人工审查还能抓住一部分异常，现在则需要把检测前移到构建和发布环节，并把遥测、身份验证和制品验证串成一条线。\u003C\u002Fp>\u003Cp>结论很直接：当AI把投毒成本压低、把伪装能力抬高后，开发者要问的不是“有没有恶意包”，而是“哪一层信任已经被污染”。\u003C\u002Fp>","安天CERT指出，TeamPCP正借AI把供应链投毒做成批量化、自动化攻击，目标涵盖开源包、CI\u002FCD与开发者凭证。","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2050997231738688260",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782162173285-n712.png","research","zh",[16,17,18,19,20,21],"TeamPCP","供应链投毒","CI\u002FCD","AI攻击","SLSA","开源安全",[23,24,25],"TeamPCP把供应链攻击做成批量化、自动化流程。","AI被用来生成恶意代码、伪装发布和干扰溯源。","防护重点正在从单点签名转向全链路一致性验证。",2,"2026-06-22T21:02:22.730536+00:00","2026-06-22T21:02:22.728+00:00","0c35a120-52fc-41fc-afa3-d404eb934158",{"tags":31,"relatedLang":11,"relatedPosts":34},[32],{"name":18,"slug":33},"cicd",[35,41,47,53,59,65],{"id":36,"slug":37,"title":38,"cover_image":39,"image_url":39,"created_at":40,"category":13},"a1c5b218-d9ff-4e46-9c58-07d0fe5152fc","vlm-accuracy-visual-cognitive-errors-decade-zh","VLM 描述複雜場景變準了","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783926189859-c95z.png","2026-07-13T07:02:36.585294+00:00",{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"2ec5f4bf-f90a-4dc9-98e0-dc8189169e56","visual-pretraining-language-models-zh","視覺預訓練勝過純文字","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783924384413-4ob9.png","2026-07-13T06:32:35.520894+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"8b8f7b87-7e93-415f-a52d-56613e17b278","phinn-eeg-topology-dream-state-eeg-zh","PHINN-EEG 用拓撲看夢境 EEG","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783922588253-kq48.png","2026-07-13T06:02:34.287269+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"c4597538-217d-4b81-83d0-9b3cc4153861","google-android-bench-update-gemini-gap-zh","Android Bench 更新，Gemini 掉到第五","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783906366388-1v3j.png","2026-07-13T01:32:25.247653+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"f25ed4f5-db61-4d8c-bc59-e80c93e27927","llm-benchmarks-not-enough-2026-zh","2026 年挑 LLM，別再把 benchmark 當答案","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783818161840-t0n4.png","2026-07-12T01:02:19.419242+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"35378c9f-bc39-4cc0-b9e1-1ce4a746ba5b","rust-breaks-into-tiobe-top-10-zh","Rust 進入 TIOBE 前十的判讀筆記","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1783816365723-zjl1.png","2026-07-12T00:32:23.969578+00:00",[72,77,82,87,92,97,102,107,112,117],{"id":73,"slug":74,"title":75,"created_at":76},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind 押注 2026 連續學習 AI","2026-03-26T08:16:02.367355+00:00",{"id":78,"slug":79,"title":80,"created_at":81},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","每週 ML 論文清單，為何紅到 GitHub","2026-03-27T01:11:39.284175+00:00",{"id":83,"slug":84,"title":85,"created_at":86},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI 研討會投稿時程整理","2026-03-27T01:51:53.874432+00:00",{"id":88,"slug":89,"title":90,"created_at":91},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4：神經網路量化的聰明選擇","2026-03-31T06:00:36.990273+00:00",{"id":93,"slug":94,"title":95,"created_at":96},"53a0dc54-0371-4e40-8d5e-74e94a73840c","geometry-aware-similarity-metrics-for-neural-representations-zh","超越距離測量：用微分幾何重新理解神經網路","2026-03-31T06:01:01.241968+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"fee7d472-a775-4b1d-bbc2-1e8bca1bbf8b","on-the-fly-repulsion-in-the-contextual-space-for-rich-divers-zh","讓AI繪圖更有創意：用排斥力提升生成多樣性","2026-03-31T06:01:25.439673+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"a9901203-d69b-447b-8854-15d14eab32b4","vision-aided-beam-prediction-cnn-eca-zh","影像輔助波束預測升級 CNN","2026-04-01T10:00:25.8073+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"b55e7dd4-0a24-4b3d-804d-b0309a03f498","triple-band-fss-mimo-antenna-sub-6-ghz-zh","三頻 FSS MIMO 天線瞄準 sub-6 GHz","2026-04-01T13:18:36.857305+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"f68290bd-e7f3-4b30-ba22-dcd4e0130a66","openclaw-1299-repos-eight-weeks-analysis-zh","OpenClaw 1299 個 Repo 的資料解讀","2026-04-02T05:03:45.208411+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"ed9f80eb-eb02-4d35-8ad4-0ddf428751dd","beam-coherence-aware-combining-mmwave-mimo-zh","毫米波 MIMO 的雙階合併法","2026-04-02T05:27:26.897188+00:00"]