- Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM‑Proxy on AWS Bedrock), breached via exposed SSH, and abused with XMRig mining
- The attackers also displayed suspicious IAM activity, hinting at possible misuse of cloud credentials, with connections traced back to Vietnam.
- Experts warn that AI gateways concentrate privileged access, urging strict port closures, least-privileged roles, and control plane monitoring to reduce the blast radius.
If you’re using AI gateways as part of your tech stack, be careful: They’re being exploited in cryptojacking attacks, experts warned.
Cybersecurity researchers Darktrace have published a new report about a cloud-hosted AI gateway, connected to Amazon Bedrock, that was compromised and used for cryptocurrency mining.
An AI gateway is a piece of software that runs between users or applications and one or more AI models. It is no different than a reverse proxy or API gateway, but only for AI services. In this case, an Amazon EC2 instance running an AI gateway called LiteLLM-Proxy was given centralized access to large language models (LLMs) hosted on Amazon Bedrock (AWS’ fully managed generative AI platform).
Shady Vietnamese accounts
According to Darktrace, the threat actors likely gained access through a brute force attack, as the EC2 instance was configured to accept SSH connections from anywhere on the Internet.
After logging in, they downloaded XMRig, by far the most popular cryptocurrency mining program. Within minutes, the instance began making repeated encrypted connections to a cryptocurrency mining pool, which also triggered Darktrace alarms and detected the attack.
Shortly after, Darktrace detected more suspicious activity, this time involving an AWS Identity and Access Management (IAM) user. This account began providing unexpected and previously unused commands, such as enumerating and invoking basic Amazon Bedrock models or attempting to configure a new IAM user account.
The final red flag was that user’s IP address, which dates back to Vietnam. Darktrace said there was insufficient evidence to conclusively link the IAM activity to the previous AI gateway compromise, but stressed that the behavior could indicate an attempt to misuse cloud credentials.

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




