‘Cryptomining can be a lucrative post-compromise activity in cloud environments’: Experts warn AI gateways connected to Amazon Bedrock are being hijacked to steal crypto



  • Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM‑Proxy on AWS Bedrock), breached through exposed SSH and abused with XMRig mining
  • Attackers also showed suspicious IAM activity, hinting at possible cloud credential misuse, with connections traced to Vietnam
  • Experts warn AI gateways concentrate privileged access, urging strict port closures, least‑privilege roles, and control‑plane monitoring to reduce blast radius

If you are using AI gateways as part of your tech stack, be wary – they are being leveraged in cryptojacking attacks, experts have warned.

Cybersecurity researchers Darktrace have published a new report on a cloud-hosted AI gateway, connected to Amazon Bedrock, which was compromised and used for cryptocurrency mining.

https://cdn.mos.cms.futurecdn.net/Rb6YDzdRZjccpn6MQ26KML-2560-80.jpg



Source link

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img