
Supply Chain Security

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek.

AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, after extortionists claimed the theft of 4 terabytes of data.

The LiteLLM incident occurred on March 27 and was the result of the Trivy supply chain attack that was mounted a week before.

“We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow,” LiteLLM notes in its description of the incident.

Using a maintainer’s compromised credentials, the TeamPCP hacking group published two malicious LiteLLM PyPI package versions, namely 1.82.7 and 1.82.8, which were available for download for roughly 40 minutes.

LiteLLM is estimated to be present in 36% of cloud environments, and while the exposure window appears small, the malicious package versions were likely automatically downloaded by thousands, including Mercor.

“We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM,” the startup said on Wednesday.

“Our security team moved promptly to contain and remediate the incident. We are conducting a thorough investigation supported by leading third-party forensics experts,” Mercor added.

While the company has not shared details on the impact, the Lapsus$ extortion group listed Mercor on its leak site on Monday, claiming the theft of over 4TB of data.

Lapsus$ is auctioning the information, which allegedly includes candidate profiles, personally identifiable information, employer data, user accounts and credentials, video interviews, proprietary information, source code, keys and secrets, and TailScale VPN data.

TeamPCP was recently reported to have partnered with Lapsus$ to monetize the data and access obtained as part of its broad supply chain campaign, so it is no surprise that the extortion group has listed Mercor on its leak site. However, the company has yet to confirm the Lapsus$ claims.

SecurityWeek has emailed Mercor for a statement on the matter and will update this article if the company responds.

Related: Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Related: TeamPCP Moves From OSS to AWS Environments

Related: Axios NPM Package Breached in North Korean Supply Chain Attack

Related: Toy Giant Hasbro Hit by Cyberattack
