TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
Summary
The threat actor TeamPCP has compromised the popular Python package 'litellm', injecting malicious versions (1.82.7 and 1.82.8). These compromised versions contain a credential harvester, a Kubernetes lateral movement toolkit, and a backdoor. This compromise is believed to have occurred via a supply chain attack targeting Trivy's CI/CD pipeline.
IFF Assessment
The compromise of a widely used software package with malicious code that harvests credentials and enables lateral movement poses a direct threat to organizations using the affected software.
Defender Context
Defenders should be highly cautious of recent versions of the 'litellm' Python package and consider downgrading or thoroughly scanning their environments for the malicious components. This incident highlights the ongoing risks associated with supply chain attacks and the need for robust software supply chain security measures, including vigilant monitoring of dependencies and build pipelines.
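One way to check dependency pins for the two affected versions named above, as an added example that is not code from the advisory: it assumes `pip freeze` or requirements.txt style input, judges only exact `==` pins (a range cannot be resolved without the installer), and normalizes names per PEP 503 so `LiteLLM[proxy]==1.82.7` still matches.

```python
"""Flag exact pins of the affected litellm versions in requirements-style text."""
from __future__ import annotations
import re
from importlib import metadata

AFFECTED = {"1.82.7", "1.82.8"}  # versions named in the advisory

# name, optional [extras], then an exact == pin (assumed input format)
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.]*)"
)


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line_number, version) for every litellm pin in AFFECTED."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = PIN_RE.match(line)
        if not m:
            continue  # not an exact pin (ranges, URLs, blank lines)
        name, _extras, version = m.groups()
        if normalize(name) == "litellm" and version in AFFECTED:
            hits.append((lineno, version))
    return hits


def installed_litellm_version() -> str | None:
    """Version of litellm in the current interpreter, or None if not installed."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


# Constructed sample input, not data from any real project.
SAMPLE = """\
fastapi==0.115.0
LiteLLM[proxy]==1.82.7   # pinned last week
litellm==1.82.6
litellm>=1.82.0
"""

if __name__ == "__main__":
    for lineno, version in scan_requirements(SAMPLE):
        print(f"line {lineno}: litellm {version} is an affected version")
    live = installed_litellm_version()
    print("installed litellm:", live, "(affected)" if live in AFFECTED else "")
```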