Bizarre Bazaar
Bizarre Bazaar is the name Pillar Security gave to an active criminal campaign targeting exposed or weakly authenticated Large Language Model (LLM) service endpoints. Pillar described it as an early attributed example of “LLMjacking.” Over a 40-day period, Pillar observed more than 35,000 attack sessions against honeypots.

The activity targets misconfigured self-hosted LLM deployments and related services, including unauthenticated Ollama endpoints on port 11434, OpenAI-compatible APIs on port 8000, publicly accessible Model Context Protocol (MCP) servers, development or staging AI environments with public IP addresses, and unauthenticated production chatbots. Reported objectives include stealing compute resources for cryptocurrency mining, reselling unauthorized API access on underground channels, exfiltrating prompt and conversation data, and attempting internal pivoting via MCP servers. Pillar reported that attackers can begin targeting newly exposed endpoints within hours of their appearance in Shodan or Censys.

Pillar assessed the operation as a three-actor criminal supply chain consisting of a scanner, a validator, and a reseller. The activity was linked to the aliases Hecker, Sakuya, and LiveGamer101. Resale infrastructure was tied to silver[.]inc, which was marketed on Telegram and Discord and promoted a project called NeXeonAI, advertised as a unified AI infrastructure service providing access to more than 50 AI models. A separate MCP-focused reconnaissance campaign was tracked by Pillar but was not attributed to Bizarre Bazaar at the time of reporting.
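
A host-side check for the exposure described above, added here as an example and not taken from Pillar's or Mallory's material: it reads `ss -ltnH` output and flags the two ports named on this page when they listen on anything other than loopback. The function names and the sample lines are constructed for illustration; a flag means the listener needs review, not that it is confirmed internet-reachable or unauthenticated.

```python
import ipaddress

# Ports named on this page: Ollama (11434) and OpenAI-compatible APIs (8000).
# Port 8000 is widely used by other services, so treat a hit as a review item.
LLM_PORTS = {11434: "Ollama", 8000: "OpenAI-compatible API"}

def split_addr(local):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_exposed(host):
    """True when the bind address is reachable from beyond loopback."""
    if host in ("*", ""):
        return True  # wildcard bind: all interfaces
    # 0.0.0.0, :: and any interface address are not loopback.
    return not ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return (service, host, port) for each LLM port listening off-loopback."""
    findings = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_addr(fields[3])
        if port in LLM_PORTS and is_exposed(host):
            findings.append((LLM_PORTS[port], host, port))
    return findings

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE = """
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::1]:8000 [::]:*
"""

if __name__ == "__main__":
    for service, host, port in audit(SAMPLE):
        print(f"{service} listening on {host}:{port} (not loopback-only)")
```

On a live host, feed it the output of `ss -ltnH` in place of `SAMPLE`; whether a flagged listener is reachable from outside still depends on firewall and security-group rules in front of it.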