TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Kaspersky Securelist

An AI gateway designed to steal your data

Vladimir Gursky · 2026-03-26 · Read original ↗

ATT&CK techniques detected

10 predictions
T1195.001Compromise Software Dependencies and Development Tools
95%
"an ai gateway designed to steal your data a significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious …"
T1195.001Compromise Software Dependencies and Development Tools
94%
"the pypi repository for python. a technical analysis revealed that the attackers ’ primary targets were servers storing confidential data related to aws, kubernetes, npm, etc., as well as various databases ( mysql, postgresql, mongodb, etc. ). in the latter case, the attackers we…"
T1027Obfuscated Files or Information
91%
"technical analysis both versions of the library contained the same malicious code, but its execution was implemented differently. in version 1. 82. 7, it was executed only when the proxy functionality was imported, while in 1. 82. 8, a. pth file was added that was able to execute…"
T1611Escape to Host
84%
"secrets and accounts, but also in communication channels within the development team. in the next stage, the malware moves from data collection to establishing a foothold in the kubernetes cluster infrastructure : if it has sufficient access, it configures a privileged pod ( the …"
T1195.001Compromise Software Dependencies and Development Tools
78%
"dev - assist 1. 7. 0. checkmarx is used for application security assessment. these trojanized extensions contained malicious code that delivered the nodejs version of the malware described above. this version is downloaded from checkmarx [. ] zone / static / checkmarx - util - 1.…"
T1552.005Cloud Instance Metadata API
72%
"certificates a notable feature of this malware is that it does not limit itself to stealing files and configurations from the disk but also attempts to extract runtime secrets from the cloud infrastructure. the code above uses the addresses 169. 254. 169. 254 and 169. 254. 170. 2…"
T1195.001Compromise Software Dependencies and Development Tools
61%
"victimology while assessing the attack ’ s impact, we saw victims all over the world. most infection attempts occurred in russia, china, brazil, the netherlands, and uae. conclusion as the technical analysis shows, the malicious scripts found in the litellm versions are dangerous…"
T1059.006Python
39%
"the pypi repository for python. a technical analysis revealed that the attackers ’ primary targets were servers storing confidential data related to aws, kubernetes, npm, etc., as well as various databases ( mysql, postgresql, mongodb, etc. ). in the latter case, the attackers we…"
T1552.004Private Keys
34%
"- initialized public rsa key. the encrypted key and the output were combined into a tpcp. tar. gz archive and sent to the attackers ’ remote server. what exactly happened within the malicious payload whose output was sent to the c2 server? after it was launched, a recursive scan …"
T1059.006Python
30%
"technical analysis both versions of the library contained the same malicious code, but its execution was implemented differently. in version 1. 82. 7, it was executed only when the proxy functionality was imported, while in 1. 82. 8, a. pth file was added that was able to execute…"

Summary

Dissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.