https://detection.fyi/sigmahq/sigma/emerging-threats/2026/ta/teampcp/ Recent content in TeamPCP on Detection.FYI Hugo -- gohugo.io Wed, 01 Apr 2026 11:11:45 +0000 https://detection.fyi/sigmahq/sigma/emerging-threats/2026/ta/teampcp/proc_creation_lnx_teampcp_litellm_supply_chain_attack_indicators/ Wed, 01 Apr 2026 11:11:45 +0000 https://detection.fyi/sigmahq/sigma/emerging-threats/2026/ta/teampcp/proc_creation_lnx_teampcp_litellm_supply_chain_attack_indicators/ Detects process executions related to the backdoored versions of LiteLLM (v1.82.7 or v1.82.8). In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP. The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor. https://detection.fyi/sigmahq/sigma/emerging-threats/2026/ta/teampcp/file_event_lnx_teampcp_litellm_supply_chain_attack_indicators/ Wed, 01 Apr 2026 11:11:45 +0000 https://detection.fyi/sigmahq/sigma/emerging-threats/2026/ta/teampcp/file_event_lnx_teampcp_litellm_supply_chain_attack_indicators/ Detects the creation of specific persistence files as observed in the LiteLLM PyPI supply chain attack. In March 2026, a supply chain attack was discovered involving the popular open-source LLM framework LiteLLM by Threat Actor TeamPCP. The malicious package harvests every credential on the system, encrypts and exfiltrates them, and installs a persistent C2 backdoor.