A cyberattack on November 28 has highlighted growing concern about the use of artificial intelligence in cyber threats. The incident, identified by the Sysdig Threat Research Team, involved an attacker who gained administrative privileges in under ten minutes using AI techniques.
The intruder accessed a compromised Amazon Web Services (AWS) cloud environment by stealing valid credentials from publicly available Amazon S3 buckets. These credentials were linked to an identity and access management user with broad permissions. During the breach, the attacker leveraged large language models to automate several stages, including reconnaissance and the creation of malicious code.
Sysdig's analysis revealed that 19 AWS principals were compromised, with Bedrock models and GPU resources being misused. The attacker's methods included injecting code into Lambda functions and creating an admin account to extract sensitive data, such as secrets from Secrets Manager and logs from CloudWatch. Notably, the attacker displayed sophisticated techniques, including the use of fabricated AWS account IDs and Serbian comments in their code, indicating a highly organized operation.
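For defenders, the sequence described above (a Lambda code change, then an IAM grant, then a Secrets Manager read, all within minutes) can be searched for in CloudTrail. The following is an added example, not code from Sysdig or from this article; the ten-minute window, the stage grouping and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# CloudTrail eventName -> stage, in the order the article lists the activity.
STAGES = {
    "UpdateFunctionCode20150331v2": "lambda_code_change",
    "CreateUser": "iam_escalation",
    "AttachUserPolicy": "iam_escalation",
    "GetSecretValue": "secret_read",
}
ORDER = ["lambda_code_change", "iam_escalation", "secret_read"]

def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_chains(events, window=timedelta(minutes=10)):
    """Return ordered Lambda-change -> IAM-grant -> secret-read runs inside `window`."""
    staged = sorted((e for e in events if e["eventName"] in STAGES), key=_ts)
    chains = []
    for i, first in enumerate(staged):
        if STAGES[first["eventName"]] != ORDER[0]:
            continue
        chain = [first]
        for e in staged[i + 1:]:
            if _ts(e) - _ts(first) > window:
                break  # later events are too slow to match the rapid pattern
            if STAGES[e["eventName"]] == ORDER[len(chain)]:
                chain.append(e)
                if len(chain) == len(ORDER):
                    break
        if len(chain) == len(ORDER):
            chains.append({
                "start": first["eventTime"],
                "seconds": int((_ts(chain[-1]) - _ts(first)).total_seconds()),
                "principals": sorted({c["userIdentity"]["arn"] for c in chain}),
            })
    return chains

def _ev(time, name, who):  # constructed record; the account ID is a placeholder
    return {"eventTime": f"2025-01-01T{time}Z", "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:{who}"}}

SAMPLE_EVENTS = [  # constructed for this example, not taken from the incident
    _ev("12:00:00", "ListBuckets", "user/ci-deploy"),
    _ev("12:02:10", "UpdateFunctionCode20150331v2", "user/ci-deploy"),
    _ev("12:05:30", "CreateUser", "role/lambda-exec"),
    _ev("12:05:45", "AttachUserPolicy", "role/lambda-exec"),
    _ev("12:08:00", "GetSecretValue", "user/new-admin"),
    _ev("15:00:00", "UpdateFunctionCode20150331v2", "user/ci-deploy"),
]
```

The chain is correlated by time rather than by principal because the activity described spans several identities; the later, isolated Lambda deployment in the sample data is not flagged.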