AI Gateway Hijacked for Cryptomining via Amazon Bedrock

AI Gateway Hijacked for Cryptomining via Amazon Bedrock
Darktrace researchers uncovered a cloud intrusion where a compromised AI gateway linked to Amazon Bedrock was hijacked to mine Monero cryptocurrency. The affected system, an EC2 instance running LiteLLM-Proxy software, had SSH exposed to the internet and was likely breached via brute-force attack before downloading the XMRig miner. Experts warn the incident highlights a critical risk: AI gateways concentrate cloud credentials, model access, and permissions into a single target. A separate suspicious IAM account activity, including attempted Bedrock enumeration from a Vietnam-based IP, was flagged the following day, though Darktrace stopped short of linking the two incidents.
Read the original article →