Full Report
Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more

Infosec in Brief As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers. …
Analysis Summary
# Main Topic
The global proliferation and inherent security risks associated with publicly exposed, open-source AI deployments, specifically focusing on Ollama instances.
## Key Points
- Researchers from SentinelLABS and Censys identified 175,108 unique Ollama hosts exposed to the public internet across 130 countries.
- This ecosystem is highly homogeneous (a monoculture): the same compression choices and packaging regimes are used for popular models such as Llama, Qwen2, and Gemma2, so a single zero-day vulnerability could be exploited simultaneously across a large share of the exposed hosts.
- Many exposed instances had critical security weaknesses: tool-calling capabilities enabled via API endpoints, vision capabilities active, and uncensored prompt templates lacking safety guardrails.
- Risks include resource hijacking, remote execution of privileged operations due to exposed APIs, and identity laundering.
## Threat Actors
- No specific malicious threat actors are named as exploiting this vulnerability yet; the focus is on the *exposure* creating the target environment.
## TTPs
- **Exposure:** Instances are left reachable from the public internet rather than bound to localhost or a private network.
- **Configuration Risk:** Tool-calling capabilities and API endpoints are left enabled without proper segmentation or authentication.
- **Model Reliance:** Heavy reliance on specific, commonly packaged open-source models, leading to systemic risk.
## Affected Systems
- **Platform:** Ollama deployments.
- **Models:** Llama, Qwen2, and Gemma2 models running on these deployments.
- **Scope:** Approximately 175,108 hosts globally were found exposed.
## Mitigations
- Treat LLMs (open source or otherwise) as critical infrastructure.
- Implement the same level of authentication, monitoring, and network controls as applied to other externally accessible infrastructure.
- (Implied) Secure configuration of deployments, e.g., not exposing the API endpoints publicly, and reviewing which tool-calling, vision, and prompt-template guardrails are enabled.
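The TTPs and mitigations above reduce to a configuration audit: is the API bound beyond localhost, is the host internet-routable, is anything authenticating in front of it, and how much of the fleet runs the same model family. The script below is an added example written for this summary, not code from SentinelLABS, Censys, or the Ollama project. It relies on two documented Ollama facts (the server listens on 127.0.0.1:11434 unless `OLLAMA_HOST` overrides the bind address, and `OLLAMA_HOST=0.0.0.0` binds every interface); the inventory record fields (`public_ip`, `auth_proxy`, `tool_calling`) and the five hosts in `INVENTORY` are constructed assumptions standing in for what configuration management or a cloud asset inventory would supply.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Ollama listens on 127.0.0.1:11434 unless OLLAMA_HOST overrides the bind address.
DEFAULT_BIND = "127.0.0.1:11434"
# Addresses that bind every interface and therefore reach past the host itself.
WILDCARD_ADDRESSES = {"0.0.0.0", "::", ""}


@dataclass
class OllamaHost:
    """One deployment record; the field semantics are assumptions for this example."""
    name: str
    ollama_host: Optional[str]   # raw OLLAMA_HOST value, None when unset
    public_ip: bool              # host carries an internet-routable address
    auth_proxy: bool             # port 11434 is reachable only via an authenticating proxy
    tool_calling: bool           # deployment serves tool-capable chat templates
    models: list = field(default_factory=list)   # model tags as reported by the host


def bind_address(value: Optional[str]) -> str:
    """Reduce an OLLAMA_HOST value ('0.0.0.0', '0.0.0.0:11434',
    'http://127.0.0.1:11434', '[::]:11434') to its listen address."""
    v = (value or DEFAULT_BIND).strip()
    if "://" in v:
        v = v.split("://", 1)[1]          # drop the URL scheme
    v = v.rstrip("/")
    if v.startswith("["):                  # bracketed IPv6 literal with optional port
        return v[1:v.index("]")]
    if v.count(":") == 1:                  # IPv4 address or hostname with a port
        v = v.split(":", 1)[0]
    return v


def is_exposed(host: OllamaHost) -> bool:
    """True when the API is reachable from the internet without authentication."""
    wildcard = bind_address(host.ollama_host) in WILDCARD_ADDRESSES
    return wildcard and host.public_ip and not host.auth_proxy


def audit(hosts):
    """Return (host, finding) pairs for the exposure patterns in the report."""
    findings = []
    for h in hosts:
        if not is_exposed(h):
            continue
        findings.append((h.name, "api-exposed"))
        if h.tool_calling:
            findings.append((h.name, "tool-calling-exposed"))
    return findings


def model_concentration(hosts):
    """Share of hosts running each model family ('llama3:8b' -> 'llama3').
    A family close to 1.0 means one model-specific flaw would hit the whole fleet."""
    families = Counter()
    for h in hosts:
        for fam in {m.split(":", 1)[0] for m in h.models}:
            families[fam] += 1
    return {fam: n / len(hosts) for fam, n in families.items()}


# Constructed sample inventory (not real hosts).
INVENTORY = [
    OllamaHost("dev-laptop", None, False, False, False, ["llama3:8b"]),
    OllamaHost("gpu-box-01", "0.0.0.0:11434", True, False, True, ["llama3:8b", "qwen2:7b"]),
    OllamaHost("gpu-box-02", "http://0.0.0.0:11434", True, True, True, ["llama3:8b", "gemma2:9b"]),
    OllamaHost("research-vm", "[::]:11434", True, False, False, ["gemma2:9b"]),
    OllamaHost("internal-svc", "0.0.0.0", False, False, True, ["llama3:70b"]),
]

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
    for fam, share in sorted(model_concentration(INVENTORY).items()):
        print(f"{fam}: {share:.0%} of hosts")
```

Run against the sample inventory, `audit` flags `gpu-box-01` (wildcard bind, public address, no proxy, tool calling on) and `research-vm` (same, without tool calling), while `gpu-box-02` passes only because an authenticating proxy fronts it and `internal-svc` passes because it has no public address. `model_concentration` reports the llama3 family on 80% of hosts, which is the monoculture exposure the report describes: the fleet-wide blast radius of a single model-specific bug is that share, whatever the per-host posture.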
## Conclusion
The widespread, unmanaged exposure of open-source AI deployments like Ollama creates a significant and potentially systemic security risk due to their monoculture structure. Organizations must immediately apply rigorous security controls—authentication, network segmentation, and monitoring—to these environments before widespread exploitation targets model-specific or platform-level vulnerabilities.
---
# Secondary Intelligence Summary (Infosec in Brief Topics)
## Key Points
- **South Korea's Cyber Resilience:** A simulated cyberattack against South Korean government systems revealed that every targeted public-facing system was successfully breached. Breaches included access to resident registration numbers and unencrypted critical data leading to admin privilege escalation.
- **US Treasury Contracts Revoked:** The US Treasury Department terminated contracts with Booz Allen Hamilton (BAH) over a data leak involving confidential taxpayer information stolen by an employee, deeming BAH unfit for sensitive data handling.
- **North Korean APT Evolution:** The Labyrinth Chollima North Korean threat actor has splintered into three distinct entities: Golden Chollima (targeting fintech/crypto with small-value thefts), Pressure Chollima (conducting high-profile heists and highly advanced), and the original Labyrinth Chollima (shifting focus to malware-driven espionage against defense/manufacturing).
## Threat Actors
- **Labyrinth Chollima (DPRK):** Evolved into three specialized groups:
  - Golden Chollima
  - Pressure Chollima
  - Original Labyrinth Chollima (focusing on espionage)
## TTPs
- **North Korean Actors:** Utilizing social engineering, particularly employment-themed lures and trojanized legitimate software delivered via messaging platforms.
- **South Korea Audit:** Specific TTPs were withheld by the audit board to avoid encouraging future attacks, though the breaches involved poor data handling (unencrypted data) and unauthorized access to sensitive PII.
## Affected Systems
- **South Korea:** 7 out of 123 tested public-facing government systems.
- **North Korea Targets:** Cryptocurrency firms, fintech companies in developed regions (US, EU, SK), defense firms, and manufacturing sectors.
- **US Treasury:** IRS/taxpayer data handled by the contractor Booz Allen Hamilton.
## Mitigations
- **North Korea:** Organizations in crypto/fintech/defense/logistics must practice heightened vigilance against DPRK social engineering campaigns (employment lures).
- **South Korea:** Immediate remediation steps were reportedly deployed for the systems tested.
## Conclusion
Threat groups across the globe continue to evolve. North Korean actors are specializing their operations to maximize financial gain and espionage across critical sectors, necessitating targeted vigilance against their specific social engineering vectors. Furthermore, the South Korean audit highlights significant vulnerability in public-sector infrastructure that requires urgent remediation beyond the tested systems.