NATS-as-C2: Inside a new technique attackers are using to harvest cloud credentials and AI API keys
ID: 010b63da-92cb-55d1-8d22-a3e4e7e0db5d
STIX ID: report--010b63da-92cb-55d1-8d22-a3e4e7e0db5d
Feed Name: Sysdig Blog
Sysdig TRT observed an active campaign (KeyHunter) exploiting CVE-2026-33017 in Langflow to deploy credential-harvesting workers that use a NATS server as a durable, subject-authorized C2 channel (NATS-as-C2). The operator harvested cloud and AI API keys, validated AWS keys (including by testing AWS Bedrock access), attempted a container escape and the deployment of a Go worker, and left multiple IOCs (45.192.109.25:14222, 159.89.205.184:8888, and file SHA-256s). The report details the technical behavior, persistence, and detection/mitigation steps, including patching, egress blocking, and credential rotation.
