Researchers uncovered Operation Bizarre Bazaar, a December 2025–January 2026 campaign that recorded about 35,000 attack sessions where hackers broke into company AI systems to steal and resell access. Pillar Security Research traced the operation to an individual known as Hecker (aka Sakuya/LiveGamer101) and found stolen access sold via silver.inc at steep discounts, a practice dubbed LLMjacking that often exploited unprotected Model Context Protocol endpoints. #OperationBizarreBazaar #LLMjacking #PillarSecurityResearch #silverinc #Hecker
Keypoints
- Operation Bizarre Bazaar ran from Dec 2025 to Jan 2026 and logged about 35,000 attack sessions.
- Attackers specialized in LLMjacking — hijacking AI compute and selling access on silver.inc.
- Pillar Security Research traced the campaign to an actor using aliases Hecker, Sakuya, and LiveGamer101.
- Many intrusions exploited open Model Context Protocol (MCP) connections, accounting for 60% of attacks by late January.
- The report urges enabling authentication on all LLM endpoints and blocking 204.76.203.0/24 to disrupt the operation.
Read More: https://hackread.com/operation-bizarre-bazaar-llmjacking-unprotected-models/