SentinelOne Thwarts Supply Chain Attack on LiteLLM in Week 14 of 2024

SentinelOne detected and stopped a supply chain attack targeting LiteLLM in real time during Week 14 of 2024. Attackers weaponized the Axios JavaScript library to deploy a remote access trojan (RAT). Additionally, a zero-day vulnerability in Google Chrome was exploited to enable remote code execution (RCE). The incidents involved malicious actors leveraging legitimate tools and unpatched flaws to compromise systems. No specific CVE IDs, affected versions, or victim organizations were disclosed in the report.