New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
Summary
A new Go botnet named NadMesh has been discovered actively targeting exposed AI services, specifically looking for cloud keys and Kubernetes tokens. It utilizes a Shodan harvester to find services like ComfyUI, Ollama, and n8n, and its operator claims to have collected thousands of AWS keys.
IFF Assessment
This botnet targets exposed AI services to steal cloud credentials, posing a direct threat to the security and integrity of cloud infrastructure and sensitive data.
Defender Context
Defenders should be aware of the emergence of botnets like NadMesh that exploit misconfigurations in AI service deployments. This highlights the critical need for robust network segmentation, strict access controls, and prompt patching of exposed services to prevent unauthorized access and credential theft.