Back to Feed
MalwareJul 9, 2026

AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining

AI gateway connected to Amazon Bedrock hijacked for cryptomining via exposed SSH.

Summary

A LiteLLM AI gateway connected to Amazon Bedrock was compromised and used for Monero cryptomining. The attack vector appears to be an exposed SSH port, leading to the download of XMRig malware and subsequent connection to a mining pool. The incident highlights the security risks associated with AI gateways acting as privileged cloud infrastructure.

Full text

Security Artificial Intelligence CryptoAI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining Darktrace says a LiteLLM AI gateway linked to Amazon Bedrock was compromised for cryptomining after signs of exposed SSH activity. byWaqasJuly 9, 20262 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening An Amazon EC2 instance running LiteLLM and connected to Amazon Bedrock was compromised and used for cryptomining, according to new research from Darktrace. In this case, the mined cryptocurrency was Monero (XMR). The company said the EC2 instance, named “LiteLLM-Proxy,” appeared to operate as an AI gateway and had an instance profile with access to Amazon Bedrock resources. That role made the host more valuable than a typical compute server because AI gateways can handle authentication, model routing, prompts, logs, policy controls, and cloud permissions. The incident began with a familiar cloud security problem. Port 22 on the instance was open to 0.0.0.0/0, leaving SSH accessible from the public internet. Before the mining activity started, Darktrace observed a high volume of short inbound connection attempts, mainly from the IP address 145.241.123(.)102. Many of those sessions lasted only a few seconds, which was consistent with scanning or failed login attempts. Darktrace could not confirm that an SSH login succeeded, but the exposed service, repeated connection attempts, malware download, and later mining traffic made SSH a plausible route into the host. The compromised instance later downloaded 3.42 MB of data over HTTP from 185.62.1(.)8. Darktrace said the endpoint appeared to host a ZIP archive containing XMRig, a widely used cryptocurrency miner. Minutes after that download, the EC2 instance began connecting repeatedly to pool.hasvault(.)pro over HTTPS on port 443. The repeated outbound traffic matched activity associated with a mining pool, where infected systems receive computational work and return results. According to Darktrace’s technical report shared with Hackread.com ahead of publishing on Thursday, its monitoring systems classified the behavior as high-priority cryptocurrency mining, and its SOC escalated the incident to the customer. The host was later shut down. However, the miner itself was not the most serious part of the case. The affected system appeared to sit between applications and Amazon Bedrock, giving it a role in AI access as well as ordinary cloud operations. A compromise of such a gateway could expose credentials, model permissions, prompts, logs, and connected application workflows, depending on how the environment is configured. A separate series of suspicious AWS identity events appeared the following day, though Darktrace found no evidence proving that the activity was connected to the compromised LiteLLM host. Jason Soroko, senior fellow at certificate lifecycle management provider Sectigo, said the incident shows why AI gateways should be treated as privileged cloud infrastructure. “What stands out is the asset, not the miner. A LiteLLM proxy connected to Amazon Bedrock turned a routine cloud compromise into a warning about AI infrastructure,” Soroko said. “These gateways are becoming brokers for identity, model access, prompts, logs, and policy. Organizations should close public administrative access, remove long-term keys where possible, limit IAM permissions, and monitor model activity alongside workload and control-plane events.” Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts AmazonAmazon BedrockBedrock AICryptominingCyber AttackCybersecurityDarktraceMalwareSSHVulnerability Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Cyber Attacks Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain. byWaqas Read More Security Cyber Attacks Data Breaches Hacking News Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums. byWaqas Read More Security Cyber Attacks DDoS Attacks Hit Denmark Central Bank and 7 Private Banks Along with the websites of the central bank, Bankdata—a company that develops IT solutions for the financial industry—was also targeted by a DDoS attack. byHabiba Rashid Read More Cyber Crime Hacking News Scams and Fraud Security Man gets 25 years for hacking lottery computers and winning $2.2 million In April 2015, it was reported that Eddie Raymond Tipton, a lottery computer programmer from Texas was arrested for hacking… byWaqas

Indicators of Compromise

  • ip — 145.241.123.102
  • malware — XMRig
  • ip — 185.62.1.8

Entities

Amazon Bedrock (product)LiteLLM (product)Amazon (vendor)Darktrace (vendor)AI Gateway (technology)