TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point to more attacks to come.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

A coordinated supply chain attack attributed to threat actor TeamPCP has compromised multiple developer tools: Checkmarx's KICS GitHub Action and two VS Code plugins were poisoned on March 23, following a similar attack on Aqua Security's Trivy scanner. The campaign also spread to PyPI, infecting LiteLLM packages (versions 1.82.7 and 1.82.8) with infostealer malware capable of stealing SSH keys, cloud credentials, API tokens, Docker configs, and crypto wallet data. Wiz Research notes LiteLLM is present in 36% of cloud environments, suggesting a wide blast radius. Shared indicators of compromise link all incidents, and attackers have signaled more targets are coming, with Wiz reporting possible collaboration with the LAPSUS$ extortion group.

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit