TeamPCP supply chain attack hits LiteLLM PyPI package

The widely used open-source Python package LiteLLM has been targeted by the TeamPCP threat operation to facilitate extensive data compromise as part of its Trivy supply chain attack campaign, reports The Hacker News.

TeamPCP published a pair of malicious LiteLLM packages, since removed from the PyPI repository, to carry out a three-stage intrusion: it begins with a credential harvester targeting cloud credentials, cryptocurrency wallets, and SSH keys, followed by a Kubernetes lateral movement toolkit and finally a persistent systemd backdoor, according to an analysis from Endor Labs.

"This campaign is almost certainly not over. TeamPCP has demonstrated a consistent pattern: each compromised environment yields credentials that unlock the next target. The pivot from CI/CD (GitHub Actions runners) to production (PyPI packages running in Kubernetes clusters) is a deliberate escalation," said Endor Labs researchers.

Such findings come after TeamPCP targeted GitHub Actions, npm, Open VSX, and Docker Hub in the campaign.
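The final stage of the intrusion described above is a persistent systemd backdoor. As an added example that is not part of the SC Media article, The Hacker News report, or Endor Labs' analysis, the following defender-side script parses systemd unit files and flags characteristics commonly seen in dropped-in persistence units (execution from temporary or hidden directories, inline interpreter one-liners, download-and-execute pipelines, aggressive restart settings). The heuristic patterns and the two sample units are constructed for illustration and are not indicators from this campaign.

```python
import os
import re
from pathlib import Path

# Directories systemd reads unit files from (system-wide and per-user).
# HOME fallback is an assumption for environments without the variable set.
UNIT_DIRS = [
    Path("/etc/systemd/system"),
    Path("/usr/local/lib/systemd/system"),
    Path(os.environ.get("HOME", "/root")) / ".config/systemd/user",
]

# Constructed heuristics for triage; each is a weak signal on its own and
# should be reviewed alongside file ownership, mtime and package records.
SUSPICIOUS_PATTERNS = {
    "runs_from_temp_dir": re.compile(r"(?:^|[\s=\"'])(/tmp|/var/tmp|/dev/shm)/"),
    "inline_interpreter": re.compile(r"\b(python3?|perl|sh|bash)\b\s+-c\s"),
    "download_and_execute": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b"),
    "base64_decode": re.compile(r"base64\s+(-d|--decode)"),
    "hidden_path": re.compile(r"/\.[A-Za-z0-9_-]+/"),
}


def parse_unit(text):
    """Parse INI-style unit text into {section: {key: [values]}}.

    Repeated keys (e.g. several ExecStartPre lines) are kept as a list.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].setdefault(key.strip(), []).append(value.strip())
    return sections


def triage_unit(text):
    """Return the sorted list of heuristic names triggered by a unit."""
    service = parse_unit(text).get("Service", {})
    exec_lines = []
    for key in ("ExecStart", "ExecStartPre", "ExecStartPost", "ExecReload"):
        exec_lines.extend(service.get(key, []))
    findings = set()
    for cmd in exec_lines:
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(cmd):
                findings.add(name)
    # Restart=always keeps a killed process coming back; common in legitimate
    # daemons too, so it only adds weight to the other findings.
    if service.get("Restart", [""])[0] == "always":
        findings.add("restart_always")
    return sorted(findings)


def scan_unit_dirs(dirs=UNIT_DIRS):
    """Scan unit directories and return {path: findings} for flagged units."""
    results = {}
    for d in dirs:
        if not d.is_dir():
            continue
        for path in d.glob("*.service"):
            try:
                findings = triage_unit(path.read_text(errors="replace"))
            except OSError:
                continue
            if findings:
                results[str(path)] = findings
    return results


# Constructed sample units used for a self-contained demonstration.
BENIGN_UNIT = """\
[Unit]
Description=Example web app (constructed sample)

[Service]
ExecStart=/usr/bin/gunicorn app:server
Restart=on-failure
User=www-data

[Install]
WantedBy=multi-user.target
"""

SUSPICIOUS_UNIT = """\
[Unit]
Description=System update helper (constructed sample)

[Service]
ExecStart=/bin/sh -c "/tmp/.cache/update.sh"
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
"""

if __name__ == "__main__":
    print("benign sample:", triage_unit(BENIGN_UNIT))
    print("suspicious sample:", triage_unit(SUSPICIOUS_UNIT))
    for path, findings in scan_unit_dirs().items():
        print(path, findings)
```

Run it as root (or as the user whose units you want to inspect) to list flagged units on the host; a hit is a starting point for review of the unit's owner, creation time and whether any installed package claims the file, not a verdict on its own.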