NadMesh, a Go botnet, was discovered targeting exposed AI services in cloud environments, claiming over 3,800 AWS keys. The botnet systematically scans platforms like ComfyUI and n8n to extract cloud credentials and Kubernetes tokens, posing significant security risks to cloud deployments and AI tools.
NadMesh surfaced in July 2023, operating as a Go botnet dedicated to hunting for exposed AI services.
Its operator's dashboard indicates claims of 3,811 unique AWS keys garnered from various services.
The botnet utilizes a Shodan harvester to maintain a queue of targets, including ComfyUI and n8n.
Despite discrepancies in its reported statistics, the bot claims significant activity, including 17,700 deployments and 95,700 scans in a single day.
NadMesh extracts sensitive cloud credentials such as Kubernetes tokens, AWS keys, and contents of configuration files like ~/.aws/config and .env.
The botnet's focus is on acquiring privileges rather than accessing the host itself, indicating a strategic approach to exploiting cloud services.
The data reported by the operator shows inconsistency with distinct source IP counts mostly nearing zero until early July, when it surged to about 139 daily.
The dashboard remains opaque, listing 12,100 exploitable services against a tally of 21 vulnerabilities without specification of any identified CVEs.
With thousands of reachable MCP services reported as exploitable, NadMesh poses a considerable threat to cloud security, particularly in AI implementations.
The focus on widely-used tools heightens the urgency for organizations to secure their cloud configurations and Kubernetes setups.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
NadMesh, a Go botnet, was discovered targeting exposed AI services in cloud environments, claiming over 3,800 AWS keys. The botnet systematically scans platforms like ComfyUI and n8n to extract cloud credentials and Kubernetes tokens, posing significant security risks to cloud deployments and AI tools.