Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Linux Kernel FUSE Vulnerability (CVE-2023-XXXX) Lets Attackers Gain Root Privileges
July 10, 2026
Critical GNU Guix Vulnerabilities Let Attackers Elevate Privileges
July 10, 2026
Critical Windows Shortcut Vulnerability Allows Remote Code Execution
July 10, 2026
Home/CyberSecurity News/AI Gateways Emerge as New Attack Surface for Enterprise Network Compromise
CyberSecurity News

AI Gateways Emerge as New Attack Surface for Enterprise Network Compromise

Key Takeaways AI gateways, critical components connecting generative AI applications to cloud services like Amazon Bedrock, are emerging as a prime target for attackers. A compromised LiteLLM-Proxy...

Marcus Rodriguez
Marcus Rodriguez
July 10, 2026 5 Min Read
3 0

Key Takeaways

  • AI gateways, critical components connecting generative AI applications to cloud services like Amazon Bedrock, are emerging as a prime target for attackers.
  • A compromised LiteLLM-Proxy EC2 instance, functioning as an AI gateway, was observed downloading XMRig cryptomining malware and engaging in suspicious IAM activity.
  • The initial compromise likely occurred via an internet-exposed SSH port, highlighting the ongoing risk of basic security misconfigurations in cloud environments.
  • Attackers aim to exploit these gateways not only for resource hijacking (cryptomining) but also for potential access to cloud identities, sensitive data, and broader enterprise network compromise.

Organizations are increasingly integrating generative artificial intelligence into their operations, often leveraging cloud services such as Amazon Bedrock. This integration relies on AI gateways, which are rapidly becoming a new, attractive attack surface for threat actors aiming to infiltrate enterprise networks.

Table Of Content

  • Key Takeaways
  • Hackers Target AI Gateways
  • Key Attack Stages
  • What You Should Do

These gateways serve as crucial intermediaries, managing interactions between users, business applications, and large language models. Their central role in routing requests, handling authentication, logging activity, enforcing policy controls, and managing access to foundation models makes them a high-value target.

Cybersecurity firm Darktrace recently uncovered a significant incident involving a compromised Amazon Web Services (AWS) EC2 instance, identified as “LiteLLM-Proxy.” This instance appeared to function as an AI gateway, connected to Amazon Bedrock via an AWS Identity and Access Management (IAM) role. Following the suspected breach, the server was observed downloading XMRig cryptomining malware and subsequently establishing repeated connections to known mining infrastructure.

The compromise of an AI gateway can extend far beyond a single server due to the extensive cloud permissions and service credentials often held by these components. This elevated access means attackers could potentially gain control over cloud identities, sensitive prompts, AI model services, application workflows, and a wide array of connected resources.

Hackers Target AI Gateways

The Darktrace investigation began on June 12, 2026, when the company’s security platform detected active cryptomining activities originating from the LiteLLM-Proxy EC2 instance. A key vulnerability identified was that the host had its SSH port exposed directly to the internet, allowing inbound connections from any IP address.

Darktrace telemetry recorded a high volume of brief SSH connection attempts targeting the instance. Among these attempts was traffic originating from the IP address 145.241.123[.]102. While investigators could not definitively confirm a successful SSH login, the combination of an internet-exposed service and the observed brute-force-like activity strongly suggests SSH as the likely initial access vector.

This incident underscores a persistent threat: internet-facing cloud services remain a frequent target for malicious actors. These attackers consistently seek to exploit vulnerabilities such as weak passwords, exposed credentials, unpatched software, or misconfigured security settings to gain unauthorized access.

Key Attack Stages

The Darktrace analysis revealed a clear sequence of events in the attack lifecycle:

  • Internet-Exposed SSH Access: The LiteLLM Proxy AI gateway was found to have its SSH service (port 22) exposed to the public internet, facilitating potential brute-force attacks.
  • XMRig Payload Download: The compromised EC2 instance proceeded to download the XMRig cryptomining malware.
  • Mining Pool Communication: The infected host established connections to a cryptomining pool over HTTPS.
  • Active Cryptomining: Attackers successfully hijacked cloud resources to mine cryptocurrency, a technique mapped to MITRE ATT&CK T1496.
  • Suspicious IAM Activity: Unusual AWS Command-Line Interface (CLI) activity was observed, indicating potential credential misuse or attempts to establish persistence.

Prior to the commencement of the cryptomining operations, the affected instance downloaded approximately 10 MB of data via HTTP from the IP address 185.62.1[.]8. This endpoint appeared to host a ZIP archive containing XMRig, an open-source cryptocurrency miner frequently exploited by attackers.

Shortly after the payload download, the server initiated repeated HTTPS connections to pool.hasvault[.]pro, a domain known to be associated with cryptomining infrastructure. While using HTTPS over port 443 might typically blend in with legitimate traffic, Darktrace’s behavioral monitoring capabilities flagged the specific destination, the repetitive connection pattern, and the overall unusual activity as clear indicators of resource hijacking.

Darktrace escalated the incident upon detecting active cryptocurrency mining on the cloud workload. Further investigation the following day uncovered suspicious IAM activity, adding another layer of concern to the compromise.

An IAM user was observed accessing AWS services through the AWS CLI from an IP address located in Vietnam, an anomaly for that particular account. The user attempted various actions, including GetSendQuota, ListFoundationModels, InvokeModel, and CreateUser. The failed Amazon Bedrock commands, specifically ListFoundationModels and InvokeModel, could suggest that the attackers were attempting to discover available models or gain unauthorized access to them.

The attempt to CreateUser was particularly alarming, as it is a common tactic for attackers to establish new cloud accounts to maintain access even if stolen credentials are revoked or changed. While Darktrace could not definitively link this IAM activity directly to the compromised AI gateway, the incident starkly demonstrates the necessity of protecting AI infrastructure with the same rigor applied to any other critical cloud workload.

The following Indicators of Compromise (IOCs) were identified:

IOC Category Value
Affected Asset LiteLLM Proxy EC2 Instance
Initial Access IP 145.241.123[.]102
Exposed Service SSH (Port 22)
Payload Hosting IP 185.62.1[.]8
Malware XMRig
Mining Pool Domain pool.hasvault[.]pro
Suspicious IAM Source IP 14.176.1[.]47
Suspicious AWS Activity GetSendQuota, ListFoundationModels, InvokeModel, CreateUser
MITRE ATT&CK Techniques T1133, T1078, T1059, T1136, T1526, T1496

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

As AI gateways consolidate access to vital models and cloud services, they represent increasingly high-impact targets for cybercriminals. Defenders must adopt a comprehensive approach, correlating identity, workload, network, and cloud control-plane activity to detect compromises swiftly, preventing attackers from escalating beyond initial cryptomining into broader enterprise operations.

What You Should Do

  • Restrict SSH Access: Ensure SSH access to cloud instances is strictly limited and not exposed to the public internet. Utilize bastion hosts or VPNs for secure remote access.
  • Implement Least-Privilege IAM Policies: Apply the principle of least privilege to all IAM roles and users, granting only the necessary permissions for their function.
  • Avoid Long-Term Access Keys: Use temporary credentials and rotate access keys frequently to minimize the window of opportunity for attackers.
  • Monitor AI Gateway Logs: Regularly review logs from AI gateways for unusual authentication attempts, unauthorized access to models, or suspicious configuration changes.
  • Track Unusual Outbound Network Traffic: Implement robust network monitoring to detect unexpected outbound connections, especially to known malicious IPs or cryptomining pools.
  • Integrate Behavioral Monitoring: Employ AI-driven behavioral analytics to identify anomalies in cloud workload activity that might indicate compromise, even if individual actions appear benign.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitHackerMalwareThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

New Windows Process Injection Technique Evades 4 EDR Solutions

Next Post

RoguePlanet Defender Patch (CVE-2023-XXXX) Exposes Data, Exhausts Disk Space

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
New Windows Process Injection Technique Evades 4 EDR Solutions
July 10, 2026
Xalgorix AI Tool Vulnerability Exposes Sensitive Data
July 10, 2026
Odyssey Stealer Targets macOS Users and 300 Crypto Wallet Extensions Globally
July 10, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us