Supply Chain | Apr 21, 2026
Silverfort + SentinelOne: Securing Identities in the AI Era
North Korean actor exploits trojaned LiteLLM package in supply chain attack detected within 89 seconds of release.
Summary
On March 31, 2026, a North Korean state-sponsored actor executed a supply chain attack by compromising the LiteLLM package, with the first malicious infection detected just 89 seconds after the trojaned version was published. SentinelOne identified the compromised package as part of an apparent coordinated campaign targeting organizations relying on the popular LLM proxy library. The rapid exploitation suggests reconnaissance and automation of infection chains.
Indicators of Compromise
- malware — trojaned LiteLLM
Entities
- North Korean state actor (threat_actor)
- SentinelOne (vendor)
- LiteLLM (product)
- Silverfort (vendor)
- Python package management (technology)