A coordinated supply chain attack attributed to the threat actor TeamPCP has compromised multiple developer tools: Checkmarx's KICS GitHub Action and two VS Code extensions were poisoned on March 23, following a similar attack on Aqua Security's Trivy scanner. The campaign also spread to PyPI, where LiteLLM packages (versions 1.82.7 and 1.82.8) were infected with infostealer malware capable of harvesting SSH keys, cloud credentials, API tokens, Docker configs, and crypto wallet data. Wiz Research notes that LiteLLM is present in 36% of cloud environments, suggesting a wide blast radius. Shared indicators of compromise link all of the incidents, and the attackers have signaled that more targets are coming; Wiz also reports possible collaboration with the LAPSUS$ extortion group.
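The two affected LiteLLM versions are named above, so the first thing a practitioner will want is a quick way to find them in pinned requirements and lockfiles and in the current interpreter. The script below is an added example, not code from the article, from Wiz, or from the LiteLLM project; the only facts it takes from the article are the two version strings, and the sample requirements text is constructed for illustration. It deliberately judges only exact `==` pins, because a range such as `>=1.82.0` cannot be classified without a resolved lockfile.

```python
"""Flag the LiteLLM versions named in the article (1.82.7, 1.82.8) in pinned requirements
and in the running interpreter. Added example; not code from the article or LiteLLM."""
import re
from importlib import metadata

# The two versions the article names as compromised. Nothing is claimed about other versions.
COMPROMISED_LITELLM = {"1.82.7", "1.82.8"}

# Matches exact pins such as "litellm==1.82.7" or "LiteLLM == 1.82.8 ; python_version >= '3.9'".
_PIN_RE = re.compile(r"^\s*(litellm)\s*==\s*([0-9][0-9A-Za-z.\-]*)", re.IGNORECASE)


def affected_requirement_lines(requirements_text: str) -> list[tuple[int, str]]:
    """Return (line_number, version) for every exact litellm pin whose version is in the
    compromised set. Range specifiers (>=, ~=, etc.) are skipped on purpose: without a
    resolved lockfile they cannot be judged, so do not treat their absence here as a clean result."""
    hits = []
    for lineno, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = _PIN_RE.match(line)
        if m and m.group(2) in COMPROMISED_LITELLM:
            hits.append((lineno, m.group(2)))
    return hits


def installed_litellm_status() -> str:
    """Report whether the litellm distribution visible to this interpreter is one of the
    named versions. Returns 'not installed', 'clean <ver>' or 'COMPROMISED <ver>'."""
    try:
        version = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return "not installed"
    if version in COMPROMISED_LITELLM:
        return f"COMPROMISED {version}"
    return f"clean {version}"


# Constructed sample requirements file; not taken from any real project.
SAMPLE_REQUIREMENTS = """\
fastapi==0.110.0
litellm==1.82.7   # pinned in a lockfile
LiteLLM == 1.82.8 ; python_version >= "3.9"
litellm>=1.82.0   # range specifier: cannot be judged here
litellm==1.82.6
"""

if __name__ == "__main__":
    for lineno, version in affected_requirement_lines(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: litellm=={version} is a version named as compromised")
    print("installed litellm:", installed_litellm_status())
```

Run it against each `requirements*.txt` or exported lockfile in a repository, and run it inside every virtual environment and container image that ships LiteLLM, since the infostealer described above runs at install or import time and a clean lockfile says nothing about an image that was built while a poisoned version was current.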