Threat Actors Exploit Vulnerabilities In Large Language Model Services Through Misconfigured Proxy…

A group of threat actors has been systematically targeting misconfigured proxy servers, seeking to exploit vulnerabilities in commercial large language model (LLM) services. This ongoing campaign, which began in late December, has seen the attackers probe over 73 LLM endpoints, generating 80,000 sessions. According to GreyNoise, a threat monitoring platform, the attackers have used low-noise prompts to query endpoints, attempting to determine which AI model is being accessed without triggering a security alert.

GreyNoise researchers report that over the past four months their Ollama honeypot has caught a total of 91,403 attacks, which are part of two distinct campaigns. One of these operations, which began in October and is still active, saw a significant spike in activity around Christmas, with 1,688 sessions over 48 hours.

The attackers exploited server-side request forgery (SSRF) vulnerabilities, which let them force a server to connect to attacker-controlled external infrastructure. GreyNoise notes that the attacker behind this operation achieved their goals by using Ollama’s model pull functionality to inject malicious registry URLs and Twilio SMS webhook integrations through the MediaURL parameter.
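
A defensive check for the model pull vector described above, written as an added example (it is not from GreyNoise or the Ollama project): a filter a reverse proxy could apply to the JSON body of `POST /api/pull` so the server only ever contacts an allowlisted registry. The allowlist contents, the assumed reference layout and the sample bodies are assumptions made for this illustration.

```python
import json

# Assumption: this deployment trusts only the default Ollama registry.
DEFAULT_REGISTRY = "registry.ollama.ai"
ALLOWED_REGISTRIES = {DEFAULT_REGISTRY}


def registry_host(model_ref):
    """Host the server would contact for this model reference.

    Assumed layout: [scheme://][host[:port]/][namespace/]model[:tag]
    """
    ref = model_ref.strip().split("://", 1)[-1]
    parts = ref.split("/")
    # Three or more segments means the first one names a registry host.
    return parts[0].lower() if len(parts) >= 3 else DEFAULT_REGISTRY


def check_pull(body):
    """Return (allowed, reason) for the JSON body of a POST /api/pull."""
    try:
        req = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    if not isinstance(req, dict):
        return False, "body is not a JSON object"
    ref = req.get("model") or req.get("name")  # "name" is the older field
    if not isinstance(ref, str) or not ref.strip():
        return False, "no model reference"
    if req.get("insecure"):
        return False, "insecure pull requested"
    host = registry_host(ref)
    if host not in ALLOWED_REGISTRIES:
        return False, "registry not allowlisted: " + host
    return True, "ok"


# Constructed sample bodies (not taken from the GreyNoise data).
SAMPLES = [
    b'{"model": "llama3:8b"}',
    b'{"model": "library/llama3:8b"}',
    b'{"model": "http://callback.example.test:8080/ns/probe:latest"}',
    b'{"name": "registry.ollama.ai@callback.example.test/ns/probe"}',
    b'{"model": "registry.ollama.ai/library/llama3", "insecure": true}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(check_pull(body), body.decode())
```

The comparison is on the whole host segment, so a port or a `user@` prefix on an otherwise trusted name is denied rather than normalized.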
