As organizations increasingly integrate generative AI applications with cloud services like Amazon Bedrock, AI gateways have become prime targets for cyber attackers. These gateways, positioned between users, business applications, and large language models, offer a strategic entry point into enterprise networks.
Darktrace recently investigated a compromised Amazon Web Services (AWS) EC2 instance named “LiteLLM-Proxy,” functioning as an AI gateway connected to Amazon Bedrock via an Identity and Access Management (IAM) role. Following the suspected breach, the server downloaded XMRig cryptomining malware and established connections to known mining infrastructure.
AI gateways are critical components that manage authentication, model routing, logging, policy controls, and access to foundational models. Their role often involves holding cloud permissions and service credentials, making their compromise particularly concerning. Unauthorized access to these gateways can expose cloud identities, sensitive prompts, AI model services, application workflows, and connected resources.
Details of the Attack
The Darktrace investigation commenced on June 12, 2026, when the company detected active cryptomining behavior from the LiteLLM-Proxy EC2 instance. Notably, the host had its SSH port (port 22) exposed to the internet, allowing inbound traffic from any IP address. This configuration led to a high volume of short-lived SSH connection attempts, including traffic from the IP address 145.241.123[.]102.
Although it remains unconfirmed whether an SSH login was successful, the exposed service and the pattern of brute-force-like activity suggest that SSH was a potential initial access vector. Internet-facing cloud services are common targets for attackers exploiting weak passwords, exposed credentials, vulnerable software, or insecure configurations.
Attack Progression
- Internet-Exposed SSH Access: The LiteLLM-Proxy AI gateway had its SSH port open to the internet, facilitating potential brute-force attempts.
- XMRig Payload Download: The compromised EC2 instance downloaded XMRig cryptomining malware.
- Mining Pool Communication: The host established connections to a cryptomining pool over HTTPS.
- Active Cryptomining: Attackers hijacked cloud resources to mine cryptocurrency.
- Suspicious IAM Activity: Unusual AWS CLI activity indicated potential credential misuse or persistence attempts.
Prior to the mining activity, the affected instance downloaded approximately 1 MB of data from 185.62.1[.]8 over HTTP. This endpoint appeared to host a ZIP archive containing XMRig, a widely abused open-source cryptocurrency miner. Shortly thereafter, the server began making repeated HTTPS connections to pool.hasvault[.]pro, a domain associated with cryptomining infrastructure. Utilizing HTTPS over port 443 can make such traffic appear normal when viewed in isolation. However, behavioral monitoring identified the destination, repeated connection pattern, and unusual activity as indicators of resource hijacking.
Darktrace escalated the event upon detecting active cryptocurrency mining on the cloud workload. Investigators also identified suspicious IAM activity the following day, with an IAM user accessing the compromised instance in an unusual manner.
This incident underscores the critical need for organizations to secure their AI gateways. As these gateways become integral to AI deployments, they present attractive targets for cyber attackers. Ensuring robust security measures, including proper configuration, regular monitoring, and prompt response to anomalies, is essential to protect enterprise networks from such sophisticated threats.