Mercor Cyberattack Linked to LiteLLM Supply Chain Compromise

Severity: Medium (Score: 51.9)

Sources: TechCrunch, The Cyber Express

Summary

Mercor, an AI recruiting startup, confirmed a cyberattack linked to a supply chain compromise involving the open-source project LiteLLM. The attack, attributed to the hacking group TeamPCP, has affected thousands of companies, including Mercor. The incident also saw the extortion group Lapsus$ claiming responsibility for accessing Mercor's data. While the specific method of data exfiltration remains unclear, Lapsus$ shared samples of allegedly stolen data, including Slack and ticketing information. Founded in 2023, Mercor has rapidly grown to a valuation of $10 billion, facilitating over $2 million in daily payouts to contractors. The company is currently investigating the breach with third-party forensics experts and has stated it is committed to communicating with affected parties. The LiteLLM project was compromised when malicious code was discovered in a package, prompting immediate remediation efforts. However, the full scope of the impact and the number of affected organizations are still under investigation.

Key Points

  • Mercor was hit by a cyberattack linked to the compromised LiteLLM open-source project.
  • The attack has affected thousands of companies, with Lapsus$ claiming responsibility for data access.
  • Mercor is conducting a thorough investigation and has engaged third-party forensics experts.

Key Entities

  • Data Breach (attack_type)
  • Supply Chain Attack (attack_type)
  • Mercor (company)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)