- Darktrace Reports Cryptojacking via Compromised AI Gateway (LiteLLM‑Proxy on AWS Bedrock), Breached via Exposed SSH and Abused with XMRig Mining
- The attackers also showed suspicious IAM activity, hinting at possible misuse of cloud credentials, with connections traced to Vietnam.
- Experts warn that AI gateways concentrate privileged access, advocating strict port closures, least privilege roles, and control plane monitoring to reduce the blast radius.
If you use AI gateways as part of your tech stack, beware: They are being exploited in cryptojacking attacks, experts have warned.
Cybersecurity researchers Darktrace have released a new report on a cloud-hosted AI gateway connected to Amazon Bedrock that was compromised and used for cryptocurrency mining.
An AI gateway is software that runs between users or applications and one or more AI models. This is not unlike a reverse proxy or API gateway, but only for AI services. In this case, an Amazon EC2 instance running an AI gateway called LiteLLM-Proxy was given centralized access to large language models (LLMs) hosted on Amazon Bedrock (AWS’s fully managed generative AI platform).
Shady Vietnamese accounts
According to Darktrace, the malicious actors likely gained access via a brute force attack, since the EC2 instance was configured to accept SSH connections from anywhere on the Internet.
After breaking in, they downloaded XMRig, by far the most popular cryptocurrency mining program. Within minutes, the instance began making repeated encrypted connections to a cryptocurrency mining pool, which also triggered Darktrace’s alarms and spotted the attack.
Shortly after, Darktrace spotted more suspicious activity, this time involving an AWS Identity and Access Management (IAM) user. This account began issuing unexpected and previously unused commands, such as enumerating and invoking Amazon Bedrock foundation templates, or attempting to configure a new IAM user account.
The final red flag was this user’s IP address – stretching all the way back to Vietnam. Darktrace said there was not enough evidence to conclusively link IAM activity to the earlier AI Gateway compromise, but noted that this behavior could indicate an attempt to misuse cloud credentials.

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




