Coordinated Attack Campaign on LLMs Unveiled

Published:

spot_img

Understanding Threats to Large Language Models (LLMs)

In the evolving landscape of cybersecurity, large language models (LLMs) have emerged as a significant target for malicious actors. This article outlines the ongoing reconnaissance campaigns aimed at exposed AI models, emphasizing the need for robust security measures.

Widespread Reconnaissance Campaign

Recent findings have highlighted a concerted effort by threat actors to probe various LLMs, including popular models like OpenAI’s GPT-4 and Google’s Gemini. Researchers from GreyNoise reported over 80,000 enumeration requests originating from two distinct IP addresses. This extensive scanning aims to identify misconfigured proxy servers that might inadvertently expose commercial APIs to unauthorized access.

Notification of Potential Targets

The research team underscored the seriousness of the situation, stating, “If you’re running exposed LLM endpoints, you’re likely already on someone’s list.” This kind of infrastructure mapping usually signifies a prelude to targeted cyberattacks.

Key Targeted Models

The reconnaissance efforts have encompassed a wide array of LLM families, including but not limited to:

  • OpenAI: GPT-4 and its variants
  • Anthropic: Claude Sonnet, Opus, Haiku
  • Meta: Llama 3.x
  • DeepSeek: DeepSeek-R1
  • Google: Gemini
  • Mistral
  • Alibaba: Qwen
  • xAI: Grok

The campaign, which started on December 28, systematically explored over 73 LLM model endpoints within an 11-day timeframe, employing innocuous test queries to minimize triggering security alerts.

Concerns About Attack Vector Specialization

The reconnaissance was conducted by two IPs known to have histories of exploiting vulnerabilities. These IPs were linked to various past exploits, including:

  • CVE-2025-55182: React2Shell vulnerability
  • CVE-2023-1389: TP-Link Archer vulnerability

Such a history showcases the professional caliber of the threat actors involved and hints at a broader exploitation strategy underpinning their current activities.

Second Campaign Focusing on SSRF Vulnerabilities

In addition to the reconnaissance on LLMs, a parallel campaign targeting server-side request forgery (SSRF) vulnerabilities has been observed. This technique can force servers to make outbound requests to infrastructures controlled by attackers, potentially leading to data breaches.

Exploitation Techniques

Attackers injected malicious URLs into the model pull functionalities of the honeypot infrastructure, thus redirecting server requests. They also targeted webhook integrations, manipulating parameters to trigger unauthorized outbound connections. The attackers utilized tools like ProjectDiscovery’s Out-of-band Application Security Testing (OAST) to validate successful exploitations.

Recommendations for Securing LLMs

Given the escalating threats to LLMs, organizations are advised to implement robust security measures:

  • Limit Model Pulls: Ensure that model pulls from the framework only accept inputs from trusted registries to reduce exposure.

  • Implement Egress Filtering: This technique can help prevent SSRF callbacks from reaching attacker-controlled infrastructure.

  • Monitor for Enumeration Patterns: Establish alert systems for rapid-fire requests across multiple model endpoints, which may signify attempts to map vulnerabilities.

  • Block OAST at DNS: Cutting off callback channels that signal successful exploitation can help mitigate risk.

  • Rate Limit Suspicious ASNs: Key ASN identifiers that have been prominent in attack traffic should be monitored closely to preempt further activity.

Conclusion

Monitoring, securing, and adapting in response to the ever-changing cybersecurity landscape is essential for organizations using LLMs. With proactive measures to identify and mitigate threats, companies can safeguard their AI infrastructures against malicious exploits. The complexity of these attacks underscores a pressing need for vigilance and enhanced cybersecurity practices tailored to the unique challenges posed by LLMs.

spot_img

Related articles

Recent articles

AI Enhances Attack Speed and Efficiency, But Defenders Can Leverage Existing Knowledge to Mitigate Risks

The Unit 42 2026 Global Incident Response Report from Palo Alto Networks highlights how threat actors are leveraging AI to enhance the speed and...

Lapses in Identity Lead to 79% of Ransomware Attacks, Sophos Report Reveals

According to a recent report by Sophos, lapses in identity are responsible for 79% of ransomware attacks, highlighting a critical area of concern for...

NSU Launches Cybersecurity Center to Enhance Research and Workforce Development in Bangladesh

North South University (NSU) has inaugurated its Cybersecurity Center to advance research, develop skilled professionals, and strengthen Bangladesh's resilience against emerging cyber threats. This...

Siemens ROX II Switches Vulnerable: Update to Firmware V2.17.1 to Mitigate CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949 Exploits

Siemens has issued an advisory regarding three critical zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) affecting its ROX II operational technology (OT) switches. These vulnerabilities...