New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
Researchers have identified a new botnet called NadMesh that actively hunts for exposed AI services to steal cloud keys and Kubernetes tokens. The botnet scans the internet for vulnerable AI deployments, such as those running large language models or other machine learning workloads, that are misconfigured or exposed without proper authentication. Once it finds a target, NadMesh extracts credentials including cloud API keys and Kubernetes service account tokens. These stolen credentials could enable attackers to access cloud infrastructure, deploy malicious workloads, or exfiltrate data from Kubernetes clusters. The botnet's focus on AI services reflects the growing trend of attackers targeting AI infrastructure, which often contains valuable data and computational resources. The discovery was reported by The Hacker News, emphasizing the need for securing AI service deployments against automated threats.
NadMesh targets misconfigured AI services, risking cloud and Kubernetes credential theft.