AI-assisted cloud intrusion achieves admin access in 8 minutes

ID: ebb0ee79-47c2-573b-80d7-416902f29392

STIX ID: report--ebb0ee79-47c2-573b-80d7-416902f29392

Feed Name: Sysdig Blog

Threat Score: 80/100

Date Published: 2026-02-03

Date Updated: 2026-05-01

On Nov 28, 2025, the Sysdig Threat Research Team documented a rapid, AI-assisted offensive operation against an AWS environment. The attackers extracted credentials from public S3 buckets, injected malicious code into a Lambda function to create admin keys, moved laterally across 19 principals, abused Amazon Bedrock (LLMjacking), and attempted to provision GPU instances for model training. The report includes an attack timeline, code samples, IOCs (an IP list), and concrete detection and mitigation recommendations.
