- Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM-Proxy on AWS Bedrock), breached through exposed SSH and exploited with XMRig mining
- Attackers also showed suspicious IAM activity, suggesting possible misuse of cloud credentials with connections traced to Vietnam
- Experts warn AI gateways to concentrate privileged access and call for strict port closures, least privileged roles and control plane monitoring to reduce blast radius
If you use AI gateways as part of your technology stack, beware – they are being exploited in cryptojacking attacks, experts have warned.
Cybersecurity researchers Darktrace have published a new report about a cloud-hosted AI gateway connected to Amazon Bedrock that was compromised and used for cryptocurrency mining.
An AI gateway is a piece of software that runs between users or applications and one or more AI models. It’s not unlike a reverse proxy or an API gateway, but only for AI services. In this case, an Amazon EC2 instance running an AI gateway called LiteLLM-Proxy was given centralized access to large language models (LLM) hosted on Amazon Bedrock (AWS’ fully managed generative AI platform).
Shady Vietnamese accounts
According to Darktrace, threat actors most likely gained access through a brute-force attack, as the EC2 instance was configured to accept SSH connections from anywhere on the Internet.
After breaking in, they downloaded XMRig, by far the most popular cryptocurrency mining program. Within minutes, the instance began making repeated encrypted connections to a cryptocurrency mining pool, which also triggered Darktrace’s alerts and detected the attack.
Shortly thereafter, Darktrace detected more suspicious activity, this time involving an AWS Identity and Access Management (IAM) user. This account began issuing unexpected and previously unused commands, such as enumerating and invoking Amazon Bedrock foundation models or attempting to create a new IAM user account.
The final red flag was this user’s IP address – traces back all the way to Vietnam. Darktrace said there was insufficient evidence to definitively link the IAM activity to the earlier compromise of the AI gateway, but stressed that the behavior could indicate attempts to abuse cloud credentials.

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



