Mercor Hit by LiteLLM Supply Chain Attack

A cybersecurity incident involving the LiteLLM platform has impacted AI recruiting firm Mercor, according to a disclosure made by the company. The breach, linked to a supply chain attack, was attributed to the Trivy dependency, which was exploited by the TeamPCP hacking group. The attack occurred on March 27, following a Trivy-related breach a week earlier.

LiteLLM, a widely used open-source framework, is estimated to be present in 36% of cloud environments. The TeamPCP group, using compromised credentials of a maintainer, published two malicious LiteLLM PyPI package versions—1.82.7 and 1.82.8—which were available for download for approximately 40 minutes. While the exposure window was brief, the malicious packages were likely automatically downloaded by thousands of users, including Mercor.

Mercor confirmed it was among the thousands of companies affected by the supply chain attack. The company stated its security team acted swiftly to contain and remediate the incident, with support from third-party forensics experts. However, the company has not disclosed specific details about the extent of the breach or the data compromised.

The Lapsus$ extortion group, known for leaking stolen data, listed Mercor on its leak site, claiming the theft of over 4 terabytes of data. TeamPCP, which has previously partnered with Lapsus$ to monetize stolen data, is suspected of being involved in the breach. While Mercor has not confirmed the Lapsus$ claims, the connection between the groups highlights the broader threat posed by supply chain attacks.

SecurityWeek reported that the attack underscores the vulnerabilities in software supply chains, where third-party dependencies can be exploited to compromise large-scale systems.
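The 40-minute window mattered because unpinned or range-pinned requirements let the resolver pull whichever release was newest. As an added defensive check that is not from the article, Mercor, or the LiteLLM project, the Python audit below scans requirements-style text for litellm lines whose specifier admits either version named above; the minimal specifier matcher and the sample file are constructed for this example.

```python
import re

# The two LiteLLM releases the article names as malicious.
COMPROMISED = {"1.82.7", "1.82.8"}
# package name, optional extras such as [proxy], then the specifier up to any comment.
_REQ = re.compile(r"^\s*([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*([^#;]*)")
_CLAUSE = re.compile(r"(==|!=|>=|<=|~=|>|<)\s*([\d.]+)$")

def _ver(s):
    return tuple(int(p) for p in s.strip().split("."))

# Minimal PEP 440-style comparisons (constructed for this example; wildcards and
# pre-release tags are not supported and make admits() return False).
_OPS = {"==": lambda v, t: v == t, "!=": lambda v, t: v != t,
        ">=": lambda v, t: v >= t, ">": lambda v, t: v > t,
        "<=": lambda v, t: v <= t, "<": lambda v, t: v < t,
        "~=": lambda v, t: v >= t and v[:len(t) - 1] == t[:-1]}

def admits(spec, version):
    """True if specifier `spec` ("" means unpinned) could resolve to `version`."""
    v = _ver(version)
    for clause in (c.strip() for c in spec.split(",") if c.strip()):
        m = _CLAUSE.match(clause)
        if not m or not _OPS[m.group(1)](v, _ver(m.group(2))):
            return False
    return True

def audit_requirements(text):
    """Return [(requirement, reason)] for litellm lines that admit a compromised release."""
    findings = []
    for line in text.splitlines():
        m = _REQ.match(line)
        if not m or m.group(1).lower().replace("_", "-") != "litellm":
            continue
        spec = m.group(2).strip()
        hits = sorted(b for b in COMPROMISED if admits(spec, b))
        if hits:
            how = "exact pin on" if spec.startswith("==") else "range/unpinned admits"
            findings.append((m.group(0).strip(), f"{how} {', '.join(hits)}"))
    return findings

# Constructed sample requirements file for demonstration.
SAMPLE = """\
litellm==1.82.7          # exact pin on a malicious release
litellm>=1.80,<1.83      # range that resolved to 1.82.8 during the window
litellm                  # unpinned: the resolver takes the newest release
litellm==1.82.6          # unaffected release
LiteLLM[proxy]~=1.82.0   # compatible-release operator admits both
requests>=2.0
"""
```

Run `audit_requirements(open("requirements.txt").read())` against a real file; a hash-locked lockfile (pip `--require-hashes`) is the stronger control, since it also rejects a republished version with the same number.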