New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers

Researchers have identified a new form of cyberattack termed “LLMjacking,” which exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs).

This sophisticated attack leads to substantial financial losses and poses significant risks to data security.

LLMjacking involves attackers gaining unauthorized access to cloud environments through compromised credentials, initially sourced from vulnerabilities in widely used frameworks like Laravel (CVE-2021-3129).

Once inside, the attackers target LLM services such as Anthropic’s Claude models, manipulating these resources to incur excessive costs and potentially extract sensitive training data.

If undetected, an LLMjacking attack can lead to daily costs upwards of $46,000, as attackers maximize the usage of LLM services to their financial benefit.

This burdens the legitimate account holders with hefty bills and can disrupt normal business operations by maxing out LLM quotas.

Beyond financial damage, there is a looming threat of intellectual property theft.

Attackers could potentially ...