A supply-chain attack by TeamPCP compromised the LiteLLM package on PyPI, with malicious versions 1.82.7 and 1.82.8 released and distributed.

Attackers published three malicious Trivy releases in quick succession in late March and altered existing version tags in the trivy-action workflow, exploiting unpinned version use to inject code into pipelines.

Mitigation guidance directs Wiz customers to monitor the Threat Center for detections, queries, and guidance to assess and mitigate risk in affected environments.

Industry reaction highlights concern over open-source supply-chain security, urging credential rotations for compromised systems and audits of CI/CD pipelines from the past 48 hours.

Security researchers estimate the threat actors targeted environments across the US, UK, Canada, and Western Europe, with expected continued expansion and activity soon.

Targeted data locations include SSH key files, Kubernetes config and tokens, AWS and GCP credentials, and various config directories such as ~/.config/gcloud and /root/.config/gcloud.

Industry response emphasizes systemic risk to the open-source supply chain and the need for heightened monitoring and credential hygiene.

The attack chain used Kubernetes service accounts for node enumeration, chrooting to host filesystem, and installing a persistence dropper as a systemd user service, with a recurring fetch every 50 minutes unless a YouTube kill switch is detected.

The intrusion began with a Trivy-related incident where a bot stole a privileged PAT, enabling malicious releases and commits and weaponizing automation to facilitate the LiteLLM breach via CI/CD workflows.

The incident is characterized as a large-scale compromise stemming from a single maintainer account, with defenses including dependency pinning, regular key rotation, and removal of unused credentials recommended.

Public governance for non-human identities, like service accounts and PATs, is crucial to cut attacker movement and prevent recurrence.

TeamPCP has targeted multiple ecosystems in under a month, with ongoing activity and expanding impact.