Sysdig Threat Research Team observed an offensive cloud operation that used exposed AWS S3 credentials to gain access and escalate to administrative control in less than 10 minutes. Attackers automated reconnaissance and code generation via LLMs (LLMjacking), injected malicious Lambda code, and abused Amazon Bedrock plus a p4d.24xlarge instance (≈$23,600/month) while installing a persistent JupyterLab backdoor. Sysdig recommends rotating credentials, securing S3, restricting Lambda permissions, and monitoring Bedrock usage.
Key Points
- Automated LLM-driven intrusion used exposed S3 credentials and malicious Lambda injection for rapid access.
- Enabled sub-10-minute admin escalation and lateral movement across 19 principals, facilitating costly compute theft.
- Monitor Bedrock invocations, eliminate long-term keys, restrict Lambda UpdateFunctionCode, and alert on unusual resource usage.
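One way to turn the monitoring points above into a detection, shown as an added example that is not Sysdig's code: it correlates CloudTrail-shaped records per access key and alerts when two or more of the sensitive actions named above occur within 10 minutes. The events, key IDs, the `p5.` prefix and all function names are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # the page reports admin escalation in under 10 minutes
GPU_PREFIXES = ("p4d.", "p5.")   # p4d is named on the page; p5 is an added assumption

def _ev(time, key, src, name, params=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventSource": src, "eventName": name,
            "userIdentity": {"accessKeyId": key}, "requestParameters": params}

# Constructed events; key IDs are placeholders, not indicators from the incident.
SAMPLE_EVENTS = [
    _ev("2025-01-01T10:00:00Z", "AKIAEXAMPLE0000000001", "lambda.amazonaws.com", "UpdateFunctionCode20150331v2"),
    _ev("2025-01-01T10:04:00Z", "AKIAEXAMPLE0000000001", "bedrock.amazonaws.com", "InvokeModel"),
    _ev("2025-01-01T10:08:00Z", "AKIAEXAMPLE0000000001", "ec2.amazonaws.com", "RunInstances", {"instanceType": "p4d.24xlarge"}),
    _ev("2025-01-01T09:00:00Z", "ASIAEXAMPLE0000000002", "lambda.amazonaws.com", "UpdateFunctionCode20150331v2"),
    _ev("2025-01-01T09:01:00Z", "ASIAEXAMPLE0000000002", "ec2.amazonaws.com", "RunInstances", {"instanceType": "t3.micro"}),
    _ev("2025-01-01T11:30:00Z", "ASIAEXAMPLE0000000002", "bedrock.amazonaws.com", "InvokeModel"),
]

def classify(ev):
    """Map one record to a sensitive-action label, or None if it is not of interest."""
    src, name = ev["eventSource"], ev["eventName"]
    params = ev.get("requestParameters") or {}
    if src == "lambda.amazonaws.com" and name.startswith("UpdateFunctionCode"):
        return "lambda-code-change"
    if src == "bedrock.amazonaws.com" and name.startswith(("InvokeModel", "Converse")):
        return "bedrock-invocation"
    if (src == "ec2.amazonaws.com" and name == "RunInstances"
            and str(params.get("instanceType", "")).startswith(GPU_PREFIXES)):
        return "gpu-instance-launch"
    return None

def correlate(events):
    """Return {accessKeyId: alert} for keys with >=2 distinct sensitive actions inside WINDOW."""
    by_key = {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        label = classify(ev)
        if label:
            ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_key.setdefault(ev["userIdentity"]["accessKeyId"], []).append((ts, label))
    alerts = {}
    for key, hits in by_key.items():
        for i, (start, _) in enumerate(hits):
            labels = {lab for t, lab in hits[i:] if t - start <= WINDOW}
            if len(labels) >= 2:
                # AKIA-prefixed IDs are long-term IAM user keys; ASIA are temporary STS keys.
                alerts[key] = {"actions": sorted(labels), "long_term_key": key.startswith("AKIA")}
                break
    return alerts
```

The long-term-key flag helps prioritise alerts, since the page's recommendation is to eliminate those keys entirely.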
Scoring Rationale
High novelty and urgent mitigations from an authoritative vendor; coverage limited to a single incident and observational source.
