Home/News/NadMesh Botnet Targets Exposed AI Services for Cloud Keys
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

NadMesh Botnet Targets Exposed AI Services for Cloud Keys

NadMesh Botnet Targets Exposed AI Services for Cloud Keys

A Go-based botnet identified as NadMesh began actively targeting exposed AI services in early July. The botnet's operator claims to have collected 3,811 unique AWS keys through its operations. NadMesh utilizes a Shodan harvester to continuously identify vulnerable AI platforms, including ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. These platforms are commonly used for image generation, local model execution, and workflow automation, often deployed rapidly without immediate robust security measures.

The botnet's primary objective is to steal cloud access keys and Kubernetes tokens from compromised AI services. By exploiting these credentials, attackers can gain unauthorized access to sensitive cloud infrastructure and data. The intelligence feed powering NadMesh's scanning efforts continuously updates its queue with newly discovered exposed services, indicating an ongoing and evolving threat.

Researchers at Palo Alto Networks Unit 42 first observed NadMesh in late June, noting its aggressive scanning for specific AI-related tools. The botnet's infrastructure is designed to efficiently locate and exploit misconfigured or inadequately secured AI deployments. The operators appear to be leveraging the growing adoption of AI tools in cloud environments as a vector for their attacks.

NadMesh's tactics highlight a significant emerging threat landscape where the rapid deployment of AI services can inadvertently create new attack surfaces. The botnet's success in accumulating a substantial number of cloud keys suggests that many organizations are not adequately securing their AI infrastructure. This poses a risk not only of data theft but also of potential misuse of cloud resources for malicious purposes.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next