Regular internet users and corporations are not the only victims of malicious hackers. Sometimes, the hackers themselves get hacked.
In an unusual hacking campaign dubbed “PCPJack,” a group targeted systems that had already been compromised by TeamPCP, a prolific cybercrime group. Once inside, they expelled the original hackers and removed their tools.
The PCPJack hackers use their access to deploy code that spreads across cloud infrastructure like a worm, steal credentials, and send the stolen data back to their own servers. This campaign mirrors previous TeamPCP attacks on cloud infrastructure, suggesting the new group may be a rival or disgruntled former members.
According to SentinelOne, the hackers’ main goal is financial: they focus on selling stolen credentials for profit. They do not try to mine cryptocurrency, likely due to the lower immediate returns. Their tactics include phishing and fake help desk websites to obtain password manager details.







