TeamPCP Supply Chain: Checkmarx Wider Scope & LiteLLM PyPI Compromise

Executive Summary: TeamPCP Supply Chain Campaign Update

Runtime Rebel is issuing an update regarding the TeamPCP Supply Chain Attack campaign, which has been under active investigation. This latest intelligence, as reported by SANS ISC, confirms a broader scope of impact involving Checkmarx, the security scanning platform, and includes a significant compromise of the LiteLLM PyPI package. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged this threat with an entry in its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency for immediate action. Security professionals should prioritize understanding the expanded attack surface and deploying available detection mechanisms to mitigate potential compromise.

Technical Details and Analysis of the TeamPCP Campaign

The TeamPCP campaign, first identified with initial access on February 28, 2026, has evolved to include a critical incident on March 24, 2026, involving the LiteLLM PyPI repository. The initial comprehensive report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026), detailed the campaign’s full trajectory, but new developments reveal an even wider impact.

Expanded Checkmarx Scope Implications

The most recent update highlights that the compromise affecting Checkmarx is more extensive than initially reported. Checkmarx is a widely used static application security testing (SAST) solution, integral to many development pipelines for identifying vulnerabilities in code. A broader compromise associated with such a security scanner could have several cascading effects:

• Undermining Trust: If the integrity of security scanning outputs is compromised, organizations might unknowingly deploy applications with unaddressed vulnerabilities, or even maliciously injected code.
• Data Exposure: Security scanners often have access to source code and build environments. An adversary gaining control could lead to intellectual property theft or further Lateral Movement within the development infrastructure.
• Expanded Attack Surface: Organizations relying on Checkmarx should re-evaluate the security of their software development lifecycle (SDLC) processes and review past scan results for any anomalies.

The LiteLLM PyPI Compromise and CISA KEV Entry

On March 24, 2026, the LiteLLM package on the Python Package Index (PyPI) was compromised. PyPI is a critical public repository for Python software, making it a prime target for Supply Chain Attacks. A compromise here means that any project downloading or updating the LiteLLM package during the compromise period could have unknowingly integrated malicious code into their applications. This type of incident often leverages dependency confusion or direct package hijacking, allowing attackers to distribute malware disguised as legitimate software.

The inclusion of this threat in the CISA KEV catalog signifies that federal agencies are required to remediate affected systems, and it serves as a strong signal to all organizations that active exploitation has been confirmed. While the specific CVE ID associated with the KEV entry for the LiteLLM compromise was not detailed in the summary, its presence in the catalog elevates the threat’s priority significantly. Organizations must treat any software dependencies, especially those from public repositories like PyPI, with extreme caution and implement robust verification mechanisms.

Available Detection Tools

The positive development is the availability of detection tools to identify potential compromises related to the TeamPCP campaign. These tools are crucial for defenders to scan their environments, identify IoCs, and confirm whether their systems have been affected. Integration of these tools with existing EDR and SIEM platforms will be vital for effective monitoring and incident response.

Actionable Recommendations: Mitigating TeamPCP Supply Chain Threats

Given the expanded scope and CISA KEV entry, immediate action is warranted to protect against the TeamPCP campaign. Security teams should focus on the following priorities:

• Immediate Scanning and Indicator Sweep:

  • Deploy and execute the recently released detection tools related to the TeamPCP campaign across all development and production environments.
  • Analyze logs from code repositories, build servers, and artifact managers for any anomalous activity or unauthorized access attempts dating back to February 28, 2026.
  • Look for signs of the LiteLLM PyPI compromise and unauthorized modifications to Python dependencies.

• Verify LiteLLM PyPI Package Integrity:

  • All instances of the LiteLLM package should be immediately audited. Verify package hashes against official, untainted versions from a trusted source.
  • Implement robust software supply chain security practices, including cryptographic signing of packages, source code verification, and strict dependency management policies to prevent future LiteLLM PyPI compromise mitigation issues.
  • Consider mirroring essential packages in an internal, secured repository with strict ingress controls.

• Assess Checkmarx Wider Scope Implications:

  • Organizations utilizing Checkmarx must review their usage and deployments for any signs of compromise or manipulation.
  • Conduct an internal audit of all source code processed by Checkmarx during the affected period, looking for suspicious code changes or unexpected scan results.
  • Strengthen access controls and multifactor authentication for all security scanning platforms and their associated accounts.

• Enhanced Software Supply Chain Security:

  • Adopt a Zero Trust approach to software dependencies, treating all external code as untrusted until thoroughly verified.
  • Implement automated tools for continuous monitoring of software artifacts, dependencies, and build environments.
  • Regularly review and update MITRE ATT&CK-aligned detection rules for TTPs associated with supply chain attacks.

• Incident Response Preparedness:

  • Ensure your Incident Response plan specifically addresses supply chain compromises.
  • Conduct tabletop exercises focusing on scenarios involving compromised development tools or package repositories.

By taking these proactive steps, organizations can significantly reduce their exposure to the evolving TeamPCP supply chain threat and better protect their critical assets and intellectual property.