Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
The TeamPCP supply chain campaign finally has a confirmed casualty, and it’s a rough one.
Mercor AI, a recruiting platform, got popped through the compromised LiteLLM dependency. The attackers stole a Tailscale VPN credential from the poisoned package and used it to walk right into Mercor’s network. What they found there is the problem: resumes, video interviews, and passport scans from job applicants.
You can change a password. You can’t change your face.
LAPSUS$ is claiming credit for roughly 4TB of data, including 3TB of video interviews and identity documents. Take the attribution with a grain of salt since LAPSUS$ loves claiming things. But the breach itself is real. Mercor confirmed it.
The broader TeamPCP timeline is alarming. Four compromises in nine days: Trivy, KICS, LiteLLM, and Telnyx. Each one harvested credentials from downstream users. Wiz found that stolen credentials were validated within hours and full cloud infrastructure was mapped within 24 hours. Some of the AWS resources the attackers spun up were literally named “massive-exfil.” Subtle.
The compromised LiteLLM versions (v1.82.7 and v1.82.8) have been cleaned up and Mandiant completed a forensic audit. That helps going forward. It does nothing for the job applicants whose passports are now floating around.
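As an added defender-side check (example code, not from the post or from the LiteLLM project): a small Python script that flags the two compromised LiteLLM releases named above, both in a requirements or `pip freeze` listing and in the running interpreter. The sample requirements content is constructed for the demo; only the two version strings come from the post.

```python
import re
from importlib import metadata
from typing import List, Optional, Tuple

# Releases the post names as compromised; a leading "v" is stripped before comparison.
COMPROMISED_LITELLM = {"1.82.7", "1.82.8"}

# Matches exact pins such as "litellm==1.82.7", "LiteLLM[proxy] == v1.82.8" or the
# "===" arbitrary-equality operator. Ranges and unpinned entries are not flagged here.
_PIN_RE = re.compile(
    r"^\s*litellm\s*(\[[^\]]*\])?\s*===?\s*v?(?P<ver>[0-9][0-9A-Za-z.\-+]*)",
    re.IGNORECASE,
)


def parse_pinned_version(line: str) -> Optional[str]:
    """Return the exact litellm version pinned on one requirements line, else None."""
    line = line.split("#", 1)[0]  # drop trailing comments before matching
    m = _PIN_RE.match(line)
    return m.group("ver") if m else None


def find_compromised_pins(lines) -> List[Tuple[int, str]]:
    """Return (line_number, version) for every pin that names a compromised release."""
    hits = []
    for n, raw in enumerate(lines, start=1):
        ver = parse_pinned_version(raw)
        if ver is not None and ver in COMPROMISED_LITELLM:
            hits.append((n, ver))
    return hits


def installed_litellm_is_compromised() -> Optional[bool]:
    """Check the running interpreter; None means litellm is not installed at all."""
    try:
        ver = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None
    return ver.lstrip("v") in COMPROMISED_LITELLM


# Constructed sample requirements file (not taken from any real project).
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
litellm==1.82.6           # not on the compromised list
LiteLLM[proxy] == v1.82.7 # affected
litellm===1.82.8          # affected (arbitrary-equality pin)
litellm>=1.82.0,<1.83     # range: cannot be judged from the file alone
"""

if __name__ == "__main__":
    for n, ver in find_compromised_pins(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"line {n}: litellm {ver} is a compromised release")
    print("installed litellm compromised:", installed_litellm_is_compromised())
```

Range pins like the last sample line need a resolved lockfile or `pip freeze` output to judge, which is why the script works on whatever exact pins the listing contains.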