
"The Sysdig Threat Research Team said they observed the break-in on November 28, and noted it stood out not only for its speed, but also for the "multiple indicators" suggesting the criminals used large language models to automate most phases of the attack, from reconnaissance and privilege escalation to lateral movement, malicious code writing, and LLMjacking - using a compromised cloud account to access cloud-hosted LLMs."
""The threat actor achieved administrative privileges in under 10 minutes, compromised 19 distinct AWS principals, and abused both Bedrock models and GPU compute resources," Sysdig's threat research director Michael Clark and researcher Alessandro Brucato said in a blog post about the cloud intrusion. "The LLM-generated code with Serbian comments, hallucinated AWS account IDs, and non-existent GitHub repository references all point to AI-assisted offensive operations.""
"The attackers initially gained access by stealing valid test credentials from public Amazon S3 buckets. The credentials belonged to an identity and access management (IAM) user with multiple read and write permissions on AWS Lambda and restricted permissions on AWS Bedrock. Plus, the S3 bucket also contained Retrieval-Augmented Generation (RAG) data for AI models, which would come in handy later during the attack."
An attacker used large language models to automate reconnaissance, privilege escalation, lateral movement, malicious code generation, and LLMjacking during a rapid AWS intrusion. The attacker stole valid test credentials from a public Amazon S3 bucket belonging to an IAM user with Lambda read/write and restricted Bedrock permissions; the same bucket contained Retrieval-Augmented Generation (RAG) data. The attacker escalated to administrative privileges in under ten minutes, compromised 19 AWS principals, and abused Bedrock models and GPU compute resources. LLM-generated artifacts included Serbian comments, hallucinated AWS account IDs, and fictitious GitHub repository references. Recommended mitigations include avoiding public access keys, using temporary role credentials, rotating long-term keys, and securing RAG data and Lambda permissions.
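Two of the mitigations named above (keep long-term access keys out of public buckets, and rotate or retire the ones that remain) can be turned into routine checks. The following is an added example, not code from Sysdig or The Register: a scanner that flags AWS long-term access key IDs inside bucket object contents, and an age check over IAM access-key metadata. All bucket contents and key records are constructed sample data, and the key IDs are placeholders, not real credentials.

```python
"""Added example (not from the article or Sysdig): defensive checks for the
mitigations named in the summary. All inputs are constructed sample data."""
import re
from datetime import datetime, timedelta, timezone

# AWS long-term access key IDs start with "AKIA" followed by 16 uppercase
# alphanumerics. Temporary STS keys start with "ASIA" and are deliberately
# not flagged here, because they expire on their own.
ACCESS_KEY_ID_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")


def find_leaked_access_keys(objects):
    """Return [(object_name, access_key_id), ...] for every long-term access
    key ID found in `objects`, a mapping of object name to text content."""
    hits = []
    for name, body in objects.items():
        for key_id in ACCESS_KEY_ID_RE.findall(body):
            hits.append((name, key_id))
    return hits


def stale_access_keys(keys, now, max_age_days=90):
    """Return the IDs of active keys created more than `max_age_days` ago.
    `keys` mimics the shape of IAM list_access_keys metadata (constructed);
    inactive keys are skipped because they can no longer be used."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(
        k["AccessKeyId"]
        for k in keys
        if k["Status"] == "Active" and k["CreateDate"] < cutoff
    )


# Constructed sample bucket: one RAG document, one test config that leaks a
# long-term key, and a note that only mentions the temporary "ASIA" prefix.
SAMPLE_BUCKET = {
    "rag/docs/faq.txt": "How do I reset my password? Open the account page ...",
    "test/config.env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001\n"
                       "AWS_SECRET_ACCESS_KEY=<placeholder>\n",
    "test/notes.md": "Temporary creds start with ASIA and are rotated daily.",
}

# Constructed sample IAM key metadata, evaluated against a fixed clock.
NOW = datetime(2025, 12, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "lambda-test", "AccessKeyId": "AKIAEXAMPLE000000001",
     "Status": "Active", "CreateDate": NOW - timedelta(days=400)},
    {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000002",
     "Status": "Active", "CreateDate": NOW - timedelta(days=30)},
    {"UserName": "old-user", "AccessKeyId": "AKIAEXAMPLE000000003",
     "Status": "Inactive", "CreateDate": NOW - timedelta(days=900)},
]

if __name__ == "__main__":
    for name, key_id in find_leaked_access_keys(SAMPLE_BUCKET):
        print(f"long-term key ID exposed in object {name}: {key_id}")
    for key_id in stale_access_keys(SAMPLE_KEYS, NOW):
        print(f"active key older than 90 days, rotate or replace with a role: {key_id}")
```

In a real deployment the bucket contents would come from an S3 listing and the key records from the IAM API or the credential report; the matching and age logic stay the same. A key that shows up in both checks is exactly the kind of credential the summary describes: long-lived, exposed, and due to be replaced by temporary role credentials.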
Read at Theregister