← All stories

NetSPI

LiteLLM Supply Chain Compromise

Jake Scheetz · 2026-03-24 · Read original ↗

ATT&CK techniques detected

5 predictions

T1195.001Compromise Software Dependencies and Development Tools

97%

“litellm supply chain compromise litellm supply chain compromise : overview, technical details, and takeaways on march 24, 2026, a supply chain compromise was identified in litellm, a widely adopted open - source llm proxy framework. for those unfamiliar, litellm provides a unifie…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1195.001Compromise Software Dependencies and Development Tools

83%

“, users running the official docker proxy image were not impacted, as that distribution pins package versions in its requirements. txt. current status : both affected versions have been quarantined on pypi, which blocks all pip install attempts until cleared. maintainer account c…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1059.006Python

75%

“security in the python ecosystem remains a persistent challenge. the. pth file execution mechanism is a well - documented feature of python ’ s import system, but it continues to be leveraged as an attack vector because it executes code without any explicit import or invocation. …”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1048.003Exfiltration Over Unencrypted Non-C2 Protocol

64%

“implemented a proper encryption pipeline : all harvested data was written to a temporary file, encrypted with a random aes - 256 - cbc session key ( generated via openssl rand with pbkdf2 key derivation ), and the aes key itself was encrypted with a hardcoded 4096 - bit rsa publi…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1059.006Python

37%

“, users running the official docker proxy image were not impacted, as that distribution pins package versions in its requirements. txt. current status : both affected versions have been quarantined on pypi, which blocks all pip install attempts until cleared. maintainer account c…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

A supply chain attack compromised LiteLLM versions 1.82.7 and 1.82.8 on PyPI, exfiltrating credentials and secrets to an attacker-controlled server.

The post LiteLLM Supply Chain Compromise appeared first on NetSPI.