
Experts found the attack familiar and consistent with past cloud attack techniques.
“Strip off the AI branding and this is a cloud intrusion pattern we’ve been watching since at least 2018: SSH open to the internet, brute-force attempts, a commodity XMRig miner, and repeated connections to a mining pool,” said Sean Malone, CISO at BeyondTrust. “Even the AI-specific angle, stolen credentials probing Bedrock model access, has had a name since 2024: LLMjacking.”
However, Malone agreed with Darktrace researchers on the potential blast radius. “AI gateways concentrate credentials, cloud permissions, and model access into a single choke point, so a routine intrusion lands on a privileged asset,” he explained.
The attack followed a known pattern
According to Darktrace, the compromised EC2 instance appeared to support LiteLLM activity and was associated with an IAM role capable of accessing Amazon Bedrock resources. While researchers could not conclusively determine the initial access vector, they said the attack followed a sequence commonly seen in cloud intrusions.
