Cyberattack on Cloud-Hosted LLM Services Discovered by Researchers

Cybersecurity researchers have discovered a cyberattack targeting cloud-hosted large language model (LLM) services. The attackers gained access to a cloud environment and targeted a local Claude LLM model from Anthropic. Organizations are advised to enhance logging and monitoring practices to prevent such attacks.

At a glance

  • Cybersecurity researchers have discovered a cyberattack targeting cloud-hosted large language model (LLM) services.
  • The attack involved gaining access to a cloud environment and targeting a local Claude LLM model from Anthropic.
  • An open-source Python script was used to check and validate keys for various LLM offerings.
  • Attackers queried logging settings to avoid detection when using compromised credentials.
  • Organizations are advised to enable detailed logging, monitor cloud logs for suspicious activity, and implement effective vulnerability management processes.

The details

The attack, dubbed LLMjacking by the Sysdig Threat Research Team, involved attackers gaining access to a cloud environment and targeting a local Claude LLM model from Anthropic.

The intrusion pathway included breaching a system running a vulnerable version of the Laravel Framework and obtaining Amazon Web Services (AWS) credentials.

An open-source Python script was used to check and validate keys for various LLM offerings. During the verification phase, no legitimate LLM queries were run.

The key checker integrates with an open-source tool called oai-reverse-proxy to provide access to compromised accounts without exposing credentials.

Attackers queried logging settings to avoid detection when using compromised credentials, allowing them to monetize access to LLMs while the cloud account owner unknowingly incurs costs.

The attack could cost over $46,000 in LLM consumption costs per day for the victim, with the potential to disrupt business operations by maximizing quota limits and blocking legitimate model usage.

Organizations are advised to enable detailed logging, monitor cloud logs for suspicious activity, and implement effective vulnerability management processes.
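
As an added illustration of the log monitoring advised above (this code is not from the researchers' report or from any tool named in this article), the Python sketch below scans CloudTrail-style records for a principal that reads the model-invocation logging configuration and also produces errored model invocations close to that read. It assumes the LLM service is Amazon Bedrock, which the article does not name, and it treats errored invocations as a stand-in for key checks that run no legitimate query; the records, account ID and IP addresses are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BEDROCK = "bedrock.amazonaws.com"  # assumption: the LLM service is Amazon Bedrock
LOGGING_PROBE = "GetModelInvocationLoggingConfiguration"
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}

def _rec(time, name, arn, ip, error=None):
    """Build one constructed CloudTrail-style record (only the fields used here)."""
    rec = {"eventTime": time, "eventSource": BEDROCK, "eventName": name,
           "userIdentity": {"arn": arn}, "sourceIPAddress": ip}
    if error:
        rec["errorCode"] = error
    return rec

ACCT = "arn:aws:iam::111122223333:"  # documentation account ID, constructed data
SAMPLE_RECORDS = [
    _rec("2024-05-01T08:00:00Z", LOGGING_PROBE, ACCT + "user/auditor", "198.51.100.7"),
    _rec("2024-05-01T09:00:00Z", "InvokeModel", ACCT + "user/ml-pipeline", "198.51.100.20"),
    _rec("2024-05-01T10:00:00Z", "InvokeModel", ACCT + "user/web-app", "203.0.113.10", "ValidationException"),
    _rec("2024-05-01T10:01:00Z", "InvokeModel", ACCT + "user/web-app", "203.0.113.10", "AccessDeniedException"),
    _rec("2024-05-01T10:02:00Z", LOGGING_PROBE, ACCT + "user/web-app", "203.0.113.10"),
]

def _ts(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_suspect_principals(records, window=timedelta(minutes=30)):
    """Flag principals that read the model-invocation logging configuration and
    also had errored model invocations within `window` of that read."""
    by_arn = defaultdict(list)
    for rec in records:
        if rec.get("eventSource") == BEDROCK:
            by_arn[rec["userIdentity"]["arn"]].append(rec)
    findings = {}
    for arn, events in by_arn.items():
        probes = [e for e in events if e["eventName"] == LOGGING_PROBE]
        failed = [e for e in events
                  if e["eventName"] in INVOKE_EVENTS and e.get("errorCode")]
        near = [f for f in failed
                if any(abs(_ts(f) - _ts(p)) <= window for p in probes)]
        if near:
            findings[arn] = {
                "logging_probes": len(probes),
                "errored_invocations": len(near),
                "source_ips": sorted({e["sourceIPAddress"] for e in probes + near}),
            }
    return findings
```

On the sample data only the web-app user is flagged: the auditor reads the logging configuration without invoking a model, and the pipeline user invokes a model successfully without touching the logging configuration.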

In a separate incident, the FBI and NCA revealed the identity of LockBitSupp, the operator of the LockBit ransomware operation.

Operation Cronos took down LockBit’s infrastructure and converted its data leak site into a law enforcement press release site.

The site went live again, teasing new information, including the possible identity of the LockBit admin, identified as 31-year-old Russian national Dmitry Yuryevich Khoroshev.

LockBitSupp has been leaking the names of 119 victims allegedly attacked by the ransomware operation and has pledged to continue conducting attacks.

An attack on healthcare giant Ascension, linked to the Black Basta ransomware operation, caused massive disruption to the healthcare system.

The incident is part of a historic surge in ransomware incidents and payment totals in 2023, with significant actions taken against ransomware actors in early 2024.

The City of Wichita, Kansas, disclosed that it was forced to shut down portions of its network after a ransomware attack.

Various new ransomware variants, including STOP and .xam, have been discovered. MorLock targets Russian companies using LockBit 3 (Black) and Babuk ransomware.

Brandywine Realty Trust and the University System of Georgia (USG) have also confirmed cyberattacks. The LockBit ransomware gang has claimed responsibility for the attack on the City of Wichita, and Ascension is experiencing disruptions and outages.

Additionally, FIN7 has been using malicious Google ads to impersonate well-known brands and deliver the NetSupport RAT.

A persistent e-crime group active since 2013, FIN7 has refined its tactics and malware arsenal over the years, commonly deploying malware through spear-phishing campaigns.

Microsoft observed FIN7 attackers using Google ads to distribute malicious MSIX application packages, prompting users visiting bogus sites to download a phony browser extension containing a PowerShell script.

The script gathers system information and contacts a remote server to fetch another encoded PowerShell script, which downloads and executes the NetSupport RAT from an actor-controlled server.

NetSupport RAT has been used to deliver additional malware, including DICELOADER, via a Python script.

FIN7 has been exploiting trusted brand names and using deceptive web ads to distribute malware, targeting Windows and Microsoft Office users to propagate RATs and cryptocurrency miners via cracks for popular software.

Malware often registers commands in the task scheduler to maintain persistence, enabling continuous installation of new malware.

A SocGholish infection wave targets business partners using living-off-the-land techniques, with malware campaigns leveraging legitimate software to propagate RATs and cryptocurrency miners.

Malwarebytes and eSentire have reported similar findings of malicious ads mimicking high-profile brands, highlighting the evolving tactics of threat actors in the cybersecurity landscape.

Article X-ray

Facts attribution

This section links each of the article’s facts back to its original source.

If you suspect false information in the article, you can use this section to investigate where it came from.

thehackernews.com
– Cybersecurity researchers discovered an attack using stolen cloud credentials to target cloud-hosted large language model (LLM) services
– The attack technique is called LLMjacking by the Sysdig Threat Research Team
– The attackers gained access to the cloud environment and targeted a local Claude LLM model from Anthropic
– The intrusion pathway involved breaching a system running a vulnerable version of the Laravel Framework and obtaining Amazon Web Services (AWS) credentials
– An open-source Python script was used to check and validate keys for various LLM offerings
– No legitimate LLM queries were run during the verification phase
– The keychecker integrates with an open-source tool called oai-reverse-proxy to provide access to compromised accounts without exposing credentials
– Attackers queried logging settings to avoid detection when using compromised credentials
– This attack allows attackers to monetize access to LLMs while the cloud account owner pays the bill unknowingly
– The attack could cost over $46,000 in LLM consumption costs per day for the victim
– Attackers can disrupt business operations by maximizing quota limits and blocking legitimate model usage
– Organizations are advised to enable detailed logging, monitor cloud logs for suspicious activity, and implement effective vulnerability management processes.

bleepingcomputer.com
– The FBI and NCA revealed the identity of LockBitSupp, the operator of the LockBit ransomware operation
– Operation Cronos took down LockBit’s infrastructure and converted its data leak site into a law enforcement press release site
– The site went live again teasing new information, including the possible identity of the LockBit admin
– LockBitSupp is a 31-year-old Russian national named Dmitry Yuryevich Khoroshev
– LockBit operation has been leaking the names of 119 victims allegedly attacked by the ransomware operation
– LockBitSupp says they will continue to conduct attacks
– An attack on healthcare giant Ascension caused massive disruption to the healthcare system
– The attack has been linked to the Black Basta ransomware operation
– Historic surge of ransomware incidents and payment totals in 2023
– Significant actions were taken against ransomware actors in 2023 and early 2024
– The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after a ransomware attack
– New STOP ransomware variants found by Jakub Kroustek
– PCrisk found a new ransomware that appends the .xam extension
– MorLock is attacking Russian companies using LockBit 3 (Black) and Babuk ransomware
– U.S. realty trust giant Brandywine Realty Trust confirmed a cyberattack
– University System of Georgia (USG) is sending data breach notifications to 800,000 individuals
– LockBit ransomware gang claimed responsibility for a cyberattack on the City of Wichita
– Ascension has taken some systems offline due to a “cyber security event”
– Cybercriminals who targeted Boeing using LockBit ransomware demanded a $200 million extortion payment
– Ohio Lottery is sending data breach notification letters to over 538,000 individuals
– Ascension is diverting ambulances from several hospitals due to a suspected ransomware attack causing disruptions and outages

thehackernews.com
– FIN7 has been using malicious Google ads to impersonate well-known brands and deliver NetSupport RAT
– FIN7 is a persistent e-crime group that has been active since 2013
– FIN7 has refined its tactics and malware arsenal over the years
– FIN7 commonly deploys malware through spear-phishing campaigns
– Microsoft observed FIN7 attackers using Google ads to distribute malicious MSIX application packages
– Microsoft disabled the MSIX protocol handler by default due to abuse by threat actors
– Users visiting bogus sites via Google ads are prompted to download a phony browser extension containing a PowerShell script
– The PowerShell script gathers system information and contacts a remote server to fetch another encoded PowerShell script
– The second PowerShell payload downloads and executes the NetSupport RAT from an actor-controlled server
– NetSupport RAT has been used to deliver additional malware, including DICELOADER via a Python script
– eSentire detected FIN7 exploiting trusted brand names and using deceptive web ads to distribute malware
– Malwarebytes independently reported similar findings of malicious ads mimicking high-profile brands
– SocGholish infection wave targets business partners using living-off-the-land techniques
– Malware campaign targets Windows and Microsoft Office users to propagate RATs and cryptocurrency miners via cracks for popular software
– Malware often registers commands in the task scheduler to maintain persistence, enabling continuous installation of new malware
