A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure.
Over a period of 40 days, researchers at Pillar Security recorded more than 35,000 attack sessions on their honeypots, which led to discovering a large-scale cybercrime operation that monetizes and exploits access to exposed or poorly authenticated AI endpoints.
They call the campaign 'Bizarre Bazaar' and highlight that it is one of the first examples of ‘LLMjacking’ attacks attributed to a specific threat actor.
In a report shared with BleepingComputer, Bizarre Bazaar involves unauthorized access to weakly protected LLM infrastructure endpoints to:
Steal computing resources for cryptocurrency mining
Resell API access on darknet markets
Exfiltrate data from prompts and conversation history,
Attempt to pivot into internal systems via Model Context Protocol (MCP) servers
Common attack vectors include self-hosted LLM setups, exposed or unauthenticated AI APIs, publicly accessible MCP servers, and development or staging AI environments with public IP addresses.
Typically, attackers exploit misconfigurations such as unauthenticated Ollama endpoints on port 11434, OpenAI-compatible APIs on port 8000, and unauthenticated production chatbots.
... continue reading