- Updated: March 27, 2026
Telnyx Python SDK Supply‑Chain Attack: March 2026 Security Notice
**Telnyx Python SDK – Supply‑Chain Security Notice (Mar 2026) – Briefing Summary**
---
### 1. What happened?
- **Date & Time:** March 27 2026 – 03:51 UTC to 10:13 UTC (≈ 6½ hrs).
- **Incident:** Two **unauthorized** releases of the Telnyx Python SDK were pushed to PyPI:
  - `telnyx==4.87.1` (published at 03:51 UTC)
  - `telnyx==4.87.2` (published shortly after)
- Both packages contained **malicious code** (C2 communication, steganographic payload delivery).
- The packages were **removed** and **quarantined** by 10:13 UTC the same day.
### 2. Scope & Context
| Aspect | Detail |
|--------|--------|
| **Supply‑chain vector** | Compromise of the PyPI publishing credentials for the Telnyx SDK. |
| **Broader campaign** | Same attacker group also hit **Trivy** (Mar 19), **LiteLLM** (Mar 24) and **Checkmarx** – a multi‑week supply‑chain attack. |
| **Telnyx infrastructure** | **Not compromised** – the platform, APIs, voice/messaging services, SIP, AI inference, and production data remained untouched. |
| **SDK role** | Pure client library that wraps public Telnyx APIs; it has **no privileged access** to Telnyx back‑ends. |
| **Attack surface** | Limited to the **PyPI distribution channel** for the Python SDK. |
### 3. Who is affected?
- **Directly affected** if you **installed or upgraded** the `telnyx` package **between 03:51 UTC and 10:13 UTC on 27 Mar 2026** and received version **4.87.1** or **4.87.2**.
- **Potentially affected** via **transitive, unpinned dependencies** (e.g., a CI/CD pipeline that pulled the SDK as a sub‑dependency).
- **Not affected** if you:
  - Run version **4.87.0** or earlier.
  - Did not install/upgrade during the window.
  - Use Telnyx REST APIs directly without the Python SDK.
### 4. Quick verification
```bash
pip show telnyx   # look at the "Version:" line
```
- **If version = 4.87.1 or 4.87.2 → treat as compromised.**
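The same check, scripted so it can run in a fleet-wide job or a CI step, as an added example that is not Telnyx's own tooling. It reads the installed version through `importlib.metadata` (or parses `pip show` output you already captured) and maps it to a verdict using only the versions named in this notice: 4.87.1 and 4.87.2 are compromised, 4.87.0 and earlier are not affected, and anything newer than 4.87.2 is reported as unverified because the notice does not cover it.

```python
"""Added example (not Telnyx's own tooling): classify an installed telnyx
version against the two unauthorized releases named in this notice."""
import re
from importlib import metadata

# The two unauthorized releases and the last release the notice calls safe.
COMPROMISED_VERSIONS = frozenset({"4.87.1", "4.87.2"})
LAST_KNOWN_GOOD = "4.87.0"


def _as_tuple(version):
    """'4.87.0' -> (4, 87, 0) so that releases can be ordered numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def installed_version(dist="telnyx"):
    """Version of the installed distribution, or None if it is not installed."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def parse_pip_show(text):
    """Pull the 'Version:' field out of `pip show telnyx` output."""
    for line in text.splitlines():
        if line.startswith("Version:"):
            return line.split(":", 1)[1].strip()
    return None


def classify(version):
    """Map a version string to one of four verdicts:
    'not installed', 'compromised', 'not affected' (4.87.0 or earlier),
    or 'unverified' (newer than 4.87.2; this notice does not cover it)."""
    if version is None:
        return "not installed"
    if version in COMPROMISED_VERSIONS:
        return "compromised"
    if _as_tuple(version) <= _as_tuple(LAST_KNOWN_GOOD):
        return "not affected"
    return "unverified"


if __name__ == "__main__":
    current = installed_version()
    print(f"telnyx: {current or 'not installed'} -> {classify(current)}")
```

Run it inside every virtualenv, container image and CI runner that might have resolved `telnyx` during the window; a "not installed" result on the host you are typing at says nothing about the build image that actually shipped.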
### 5. Immediate remediation steps
1. **Downgrade** to the last known‑good release:
   ```bash
   pip install telnyx==4.87.0
   ```
2. **Rotate every secret** that could have been accessed from the compromised environment:
   - Telnyx API keys
   - Database credentials
   - Cloud provider tokens (AWS, GCP, Azure)
   - SSH keys / service accounts
   - Any env‑var or config‑file secrets
3. **Audit** for outbound traffic to the known C2 server: **`83.142.209.203:8080`** (and any future IOCs).
4. Review **CI/CD pipelines, Docker builds, and dependency‑lock files** for unpinned `telnyx` references.
5. Run a **full security scan** (e.g., with Trivy, which itself was recently compromised – verify you have a clean version).
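Steps 3 and 4 above are the ones teams tend to do by eye; the following added example (not Telnyx's own tooling) does both mechanically. `find_unpinned_telnyx` flags any `telnyx` reference in requirements files, `pip freeze` output or Dockerfile `pip install` lines that is not pinned with `==`, and also flags lines pinned to 4.87.1 or 4.87.2. `find_c2_connections` reports log lines that mention the C2 host `83.142.209.203`, noting the port so a hit on 8080 stands out. The requirements, Dockerfile, freeze and log samples are constructed for illustration; the requirement regex is a heuristic, not a full PEP 508 parser.

```python
"""Added example (not Telnyx's own tooling) for the audit steps above:
flag telnyx references that are not pinned with '==' (or are pinned to a
compromised release) in requirements-style text, and flag log lines that
record connections to the C2 address from the notice. All sample inputs
below are constructed for illustration."""
import re

COMPROMISED_VERSIONS = frozenset({"4.87.1", "4.87.2"})
C2_HOST = "83.142.209.203"
C2_PORT = 8080

# 'telnyx', optional extras, optional version operator and version.
# Matches requirements.txt lines, pip freeze output and 'pip install' lines
# in Dockerfiles alike; it is a heuristic, not a full PEP 508 parser.
_REQ_RE = re.compile(
    r"\btelnyx\b(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][\w.*+-]*)?",
    re.IGNORECASE,
)
# C2 host with an optional ':port' suffix; the look-arounds stop the
# pattern from matching inside a longer address such as 183.142.209.203.
_C2_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?::(\d+))?(?!\d)")

# Constructed samples standing in for real files and logs.
CONSTRUCTED_REQUIREMENTS = """\
# constructed requirements.txt
requests==2.31.0
telnyx>=4.80
httpx==0.27.0
"""
CONSTRUCTED_DOCKERFILE = """\
FROM python:3.12-slim
RUN pip install --no-cache-dir requests telnyx
COPY . /app
"""
CONSTRUCTED_FREEZE = """\
certifi==2024.2.2
telnyx==4.87.1
"""
CONSTRUCTED_LOG = """\
2026-03-27T04:02:11Z conn src=10.0.3.14:51234 dst=83.142.209.203:8080 proto=tcp bytes=1832
2026-03-27T04:02:13Z conn src=10.0.3.14:51236 dst=198.51.100.20:443 proto=tcp bytes=912
2026-03-27T04:05:40Z dns query=api.telnyx.com answer=203.0.113.7
2026-03-27T04:06:02Z conn src=10.0.3.15:40021 dst=83.142.209.203:443 proto=tcp bytes=300
"""


def find_unpinned_telnyx(text):
    """Return (line_no, reason, line) for each telnyx reference that is
    either not pinned exactly or pinned to one of the unauthorized releases."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _REQ_RE.search(line)
        if not m:
            continue
        op, ver = m.group(1), m.group(2)
        if op == "==" and ver and "*" not in ver:
            if ver in COMPROMISED_VERSIONS:
                findings.append((n, "pinned to compromised release", line))
        else:
            findings.append((n, "unpinned", line))
    return findings


def find_c2_connections(text):
    """Return (line_no, port, line) for lines mentioning the C2 host. The port
    is None when the line carries no ':port'; a port other than C2_PORT is
    still reported, because the host alone is the stronger signal."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _C2_RE.search(line)
        if m:
            hits.append((n, int(m.group(1)) if m.group(1) else None, line))
    return hits


if __name__ == "__main__":
    samples = [("requirements.txt", CONSTRUCTED_REQUIREMENTS),
               ("Dockerfile", CONSTRUCTED_DOCKERFILE),
               ("pip freeze", CONSTRUCTED_FREEZE)]
    for name, sample in samples:
        for n, reason, line in find_unpinned_telnyx(sample):
            print(f"{name}:{n}: {reason}: {line}")
    for n, port, line in find_c2_connections(CONSTRUCTED_LOG):
        tag = "exact IOC" if port == C2_PORT else "host only"
        print(f"log:{n}: C2 host contacted ({tag}, port {port}): {line}")
```

Point the two functions at your own lock files, build logs and egress or proxy logs; a lock file that pins `telnyx==4.87.0` produces no finding, a bare `telnyx` in a Dockerfile is the transitive-risk case the notice warns about, and any hit on the C2 host, on 8080 or otherwise, belongs in the incident ticket.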
### 6. Indicators of Compromise (IOCs)
| Type | Value |
|------|-------|
| **C2 server** | `83.142.209.203:8080` |
| **Exfil technique** | WAV‑steganography payload delivery |
| **Additional IOCs** | To be published as investigation progresses. |
### 7. What was **not** compromised?
- No breach of Telnyx’s **production APIs, voice/messaging services, SIP, networking, AI inference, or data stores**.
- The SDK only wraps public endpoints; it never held privileged credentials to Telnyx back‑ends.
### 8. Telnyx’s response & ongoing actions
- **Removed** the malicious packages from PyPI within hours.
- **Investigating** how the publishing credentials were obtained.
- **Monitoring** for further supply‑chain activity and will publish additional IOCs.
- **Communicating** with affected customers and providing support via **[email protected]**.
### 9. Nuances to highlight for content creators
- **Speed of response**: The entire window from publication to quarantine was under 7 hours – a strong example of rapid incident handling.
- **Supply‑chain risk**: Even well‑known, reputable libraries can be hijacked; emphasize the importance of **pinned dependencies** and **trusted publishing pipelines**.
- **Transitive risk**: Many teams may be unaware that a third‑party library they don’t directly import could pull in a compromised SDK.
- **Broader campaign context**: This is not an isolated event; it’s part of a coordinated attack on multiple open‑source tools, underscoring the need for **ecosystem‑wide vigilance**.
- **No data loss**: Clarify that while the SDK was malicious, no Telnyx customer data was accessed – the threat was limited to **potential credential exposure** on the attacker’s side.
### 10. One‑sentence elevator pitch
> “On March 27 2026, two malicious versions of Telnyx’s Python SDK (4.87.1/4.87.2) were briefly published to PyPI as part of a coordinated supply‑chain attack; Telnyx quickly removed them, but any environment that installed those versions must downgrade, rotate secrets, and audit for C2 traffic, while noting that Telnyx’s own services and customer data remained untouched.”
---
**Use this briefing to craft blog posts, internal alerts, or press releases that clearly convey the incident timeline, impact, remediation, and the broader supply‑chain security lessons.**