Backdoor in Your AI Gateway: Compromise in the LiteLLM Supply Chain

Summary: TeamPCP, a criminal group, compromised the LiteLLM software library on PyPI by inserting malicious code that allowed credential theft and remote access to systems.

A criminal group known as TeamPCP has carried out one of the most sophisticated supply chain attacks documented so far. In this specific case, they compromised the LiteLLM software library on PyPI by inserting malicious code into versions 1.82.7 and 1.82.8. The compromise allowed credential theft and facilitated remote access to developer systems. The attackers also exfiltrated sensitive data including SSH keys and Kubernetes secrets, enabling persistent lateral movement within compromised infrastructures. The research team has identified that TeamPCP has also compromised other critical security tools such as Trivy and Checkmarx KICS, suggesting a coordinated campaign against security supply chains.

Key facts

  • Versions 1.82.7 and 1.82.8 of LiteLLM contained malicious code that allowed credential theft and remote access to systems.
  • The attack allowed the exfiltration of sensitive data, including SSH keys and Kubernetes secrets.
  • TeamPCP has compromised other critical security tools such as Trivy and Checkmarx KICS.

Why it matters

This incident highlights the need for increased vigilance and protection in technological supply chains and the importance of maintaining software and services on secure platforms.
