Pillar Security reports Operation Bizarre Bazaar, a large-scale LLMjacking campaign that scans for and hijacks exposed LLM and MCP endpoints to monetize resources, resell API access, exfiltrate data, and move laterally. The operation uses a scanner, a validator tied to silver.inc, and a marketplace called The Unified LLM API Gateway, with over 35,000 observed attack sessions and specific targeting of self-hosted LLMs like Ollama and exposed OpenAI-compatible APIs. #OperationBizarreBazaar #Hecker
Keypoints
- Operation Bizarre Bazaar hijacks exposed AI endpoints to monetize inference, resell access, and exfiltrate data.
- The campaign uses a three-part infrastructure: a scanner, a validator tied to silver.inc, and a marketplace called The Unified LLM API Gateway.
- Pillar observed over 35,000 attack sessions, averaging about 972 attacks per day, indicating systematic targeting.
- Primary targets are self-hosted LLMs and MCP servers, including unauthenticated Ollama instances (port 11434) and OpenAI-compatible APIs (port 8000).
- The threat actor identified as Hecker (aka Sakuya, LiveGamer101) appears linked to nexeonai.com, with the marketplace hosted in the Netherlands and promoted on Discord and Telegram.
Read More: https://www.securityweek.com/llms-hijacked-monetized-in-operation-bizarre-bazaar/