216.73.217.98

AI-assisted cloud intrusion achieves admin access in 8 minutes

· Published 04/02/2026 15:57 · Modified 04/02/2026 20:51

Export JSON

Essential information

Published
04/02/2026 15:57
Modified
04/02/2026 20:51
Tags
2026-02-04 ai-assisted attack aws cloud security gpu abuse lambda injection lateral movement llmjacking privilege-escalation
Related entities
4 observables, 10 techniques (mitre)

Description

An environment was targeted in a sophisticated attack, with the threat actor gaining administrative privileges in under 10 minutes. The operation showed signs of leveraging large language models for automation and decision-making. Initial access was obtained through credentials found in public S3 buckets, followed by rapid privilege escalation via Lambda function code injection. The attacker moved laterally across 19 principals, abused Amazon Bedrock for , and launched GPU instances for potential model training. The attack involved extensive reconnaissance, data exfiltration, and attempts to establish persistence. Notable techniques included IP rotation, role chaining, and the use of AI-generated code.

External references