Cloud Attack Exploits AI To Steal Compute

Sysdig Threat Research Team observed an offensive cloud operation that used exposed AWS S3 credentials to gain access and escalate to administrative control in less than 10 minutes. Attackers automated reconnaissance and code generation via LLMs (LLMjacking), injected malicious Lambda code, and abused Amazon Bedrock plus a p4d.24xlarge instance (≈$23,600/month) while installing a persistent JupyterLab backdoor. Sysdig recommends rotating credentials, securing S3, restricting Lambda permissions, and monitoring Bedrock usage.