AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say

Resident Pulser@infosec.pub · 5 days ago

AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say

eleijeep@piefed.social · 4 days ago

From the report that’s the source of this Register article (emphasis added):

The threat actor infiltrated the victim’s environments using valid test credentials stolen from public S3 buckets. These buckets contained Retrieval-Augmented Generation (RAG) data for AI models , and the compromised credentials belonged to an Identity and Access Management (IAM) user that had multiple read and write permissions on AWS Lambda and restricted permissions on AWS Bedrock. This user was likely intentionally created by the victim organization to automate Bedrock tasks with Lambda functions across the environment.

It is also important to note that the affected S3 buckets were named using common AI tool naming conventions, which the attackers actively searched for during reconnaissance.

https://www.sysdig.com/blog/ai-assisted-cloud-intrusion-achieves-admin-access-in-8-minutes

AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say

AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say

AWS intruder pulled off AI-assisted cloud break-in in 8 mins