New events: New Developments in LLM Hijacking Activity (#24)

* update events and add new events from wiz incident report

* fix log examples

docs/events.json

@@ -3809,6 +3809,44 @@
         ],
         "permissions": "https://aws.permissions.cloud/iam/iam#iam-SimulatePrincipalPolicy"
     },
+    {
+        "eventName": "CreatePolicy",
+        "eventSource": "iam.amazonaws.com",
+        "awsService": "IAM",
+        "description": "Creates a new managed policy for your AWS account.",
+        "mitreAttackTactics": [
+            "TA0004 - Privilege Escalation"
+        ],
+        "mitreAttackTechniques": [
+            "T1098 - Account Manipulation"
+        ],
+        "mitreAttackSubTechniques": [
+            "T1098.003 - Account Manipulation: Additional Cloud Roles"
+        ],
+        "unverifiedMitreAttackTechniques": [],
+        "usedInWild": true,
+        "incidents": [
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
+            }
+        ],
+        "researchLinks": [],
+        "securityImplications": "Attackers might use CreatePolicy to create new IAM policies that later they can use for potentially granting themselves elevated permissions.",
+        "alerting": [
+            {
+                "type": "cloudwatchCISControls",
+                "value": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-4"
+            }
+        ],
+        "simulation": [
+            {
+                "type": "commandLine",
+                "value": "aws iam create-policy --policy-name TrailDiscoverPolicy --policy-document {}"
+            }
+        ],
+        "permissions": "https://aws.permissions.cloud/iam/iam#iam-CreatePolicy"
+    },
     {
         "eventName": "GetAccountAuthorizationDetails",
         "eventSource": "iam.amazonaws.com",
@@ -4150,6 +4188,10 @@
             {
                 "description": "LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD",
                 "link": "https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [
@@ -5370,6 +5412,10 @@
             {
                 "description": "Tales from the cloud trenches: Unwanted visitor",
                 "link": "https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [
@@ -5495,6 +5541,10 @@
             {
                 "description": "Tales from the cloud trenches: Unwanted visitor",
                 "link": "https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [
@@ -8818,6 +8868,10 @@
             {
                 "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
                 "link": "https://permiso.io/blog/exploiting-hosted-models"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [],
@@ -9034,6 +9088,10 @@
             {
                 "description": "New tactics and techniques for proactive threat detection",
                 "link": "https://reinforce.awsevents.com/content/dam/reinforce/2024/slides/TDR432_New-tactics-and-techniques-for-proactive-threat-detection.pdf"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [],
@@ -9078,6 +9136,10 @@
             {
                 "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
                 "link": "https://permiso.io/blog/exploiting-hosted-models"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [],
@@ -9274,6 +9336,10 @@
             {
                 "description": "LLMjacking: Stolen Cloud Credentials Used in New AI Attack",
                 "link": "https://sysdig.com/blog/llmjacking-stolen-cloud-credentials-used-in-new-ai-attack/"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [],
@@ -9314,6 +9380,10 @@
             {
                 "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
                 "link": "https://permiso.io/blog/exploiting-hosted-models"
+            },
+            {
+                "description": "New Developments in LLM Hijacking Activity",
+                "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
             }
         ],
         "researchLinks": [],

docs/logExamples/CreatePolicy.json.cloudtrail

@@ -0,0 +1,47 @@
+[
+   {
+      "awsRegion": "euiso-westwest-1r",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:sts::186599486980:assumed-role/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11/TrailDiscover is not authorized to perform: iam:CreatePolicy on resource: policy TrailDiscoverPolicy because no identity-based policy allows the iam:CreatePolicy action",
+      "eventCategory": "Management",
+      "eventID": "5de97e56-a296-4e79-9122-e8543a2cb73e",
+      "eventName": "CreatePolicy",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-12-15T20:02:24Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.10",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "186599486980",
+      "requestID": "2639d1f3-1b9d-44d0-8117-d96c2f03411b",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "253.236.07.202",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#100.17.9.229-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_26bb1fec-10f7-4d6b-b066-0111a84c7bff cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.create-policy",
+      "userIdentity": {
+         "accessKeyId": "ASIA48E5EUGOF4RDUZSA",
+         "accountId": "186599486980",
+         "arn": "arn:aws:sts::186599486980:assumed-role/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11/TrailDiscover",
+         "principalId": "AROAC40R4TTV05DWF5L1H:TrailDiscover",
+         "sessionContext": {
+            "attributes": {
+               "creationDate": "2024-12-15T20:02:14Z",
+               "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+               "accountId": "186599486980",
+               "arn": "arn:aws:iam::186599486980:role/aws-reserved/sso.amazonaws.com/us-westsouth-3r/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11",
+               "principalId": "AROAC40R4TTV05DWF5L1H",
+               "type": "Role",
+               "userName": "AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11"
+            }
+         },
+         "type": "AssumedRole"
+      }
+   }
+]

docs/logExamples/ListEmailIdentities.json.cloudtrail

@@ -0,0 +1,45 @@
+[
+   {
+    "eventVersion": "1.08",
+    "userIdentity": {
+        "type": "AssumedRole",
+        "principalId": "AROA3H1YZ9UJ1EFEEVH1U:TrailDiscover",
+        "arn": "arn:aws:sts::393031354412:assumed-role/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa33/TrailDiscover",
+        "accountId": "393031354412",
+        "accessKeyId": "ASIAPXEBOKNPAVQ9BFGQ",
+        "sessionContext": {
+            "sessionIssuer": {
+                "type": "Role",
+                "principalId": "AROA3H1YZ9UJ1EFEEVH1U",
+                "arn": "arn:aws:iam::393031354412:role/aws-reserved/sso.amazonaws.com/apiso-south-2r/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa33",
+                "accountId": "393031354412",
+                "userName": "AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa33"
+            },
+            "attributes": {
+                "creationDate": "2024-12-15T18:41:25Z",
+                "mfaAuthenticated": "false"
+            }
+        }
+    },
+    "eventTime": "2024-12-15T18:54:36Z",
+    "eventSource": "ses.amazonaws.com",
+    "eventName": "ListEmailIdentities",
+    "awsRegion": "ca-centraleast-3r",
+    "sourceIPAddress": "8.214.221.11",
+    "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#55.206.255.019-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_0edfa7de-9f3f-4506-8040-a8ae6c4ac866 cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#sesv2.list-email-identities",
+    "requestParameters": null,
+    "responseElements": null,
+    "requestID": "2115c9c6-8d8b-4ea5-a982-eedb477fb52a",
+    "eventID": "007ebdb7-8af1-42c7-a257-2fac3e475d6c",
+    "readOnly": true,
+    "eventType": "AwsApiCall",
+    "managementEvent": true,
+    "recipientAccountId": "393031354412",
+    "eventCategory": "Management",
+    "tlsDetails": {
+        "tlsVersion": "TLSv1.3",
+        "cipherSuite": "TLS_AES_128_GCM_SHA256",
+        "clientProvidedHostHeader": "email.ca-centraleast-3r.amazonaws.com"
+    }
+   }
+]

events/Bedrock/CreateFoundationModelAgreement.json

@@ -25,6 +25,10 @@
         {
             "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
             "link": "https://permiso.io/blog/exploiting-hosted-models"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [],

events/Bedrock/GetModelInvocationLoggingConfiguration.json

@@ -41,6 +41,10 @@
         {
             "description": "LLMjacking: Stolen Cloud Credentials Used in New AI Attack",
             "link": "https://sysdig.com/blog/llmjacking-stolen-cloud-credentials-used-in-new-ai-attack/"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [],

events/Bedrock/InvokeModel.json

@@ -43,6 +43,10 @@
         {
             "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
             "link": "https://permiso.io/blog/exploiting-hosted-models"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [],

events/Bedrock/InvokeModelWithResponseStream.json

@@ -41,6 +41,10 @@
         {
             "description": "New tactics and techniques for proactive threat detection",
             "link": "https://reinforce.awsevents.com/content/dam/reinforce/2024/slides/TDR432_New-tactics-and-techniques-for-proactive-threat-detection.pdf"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [],

events/Bedrock/PutUseCaseForModelAccess.json

@@ -29,6 +29,10 @@
         {
             "description": "When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying",
             "link": "https://permiso.io/blog/exploiting-hosted-models"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [],

events/IAM/CreateAccessKey.json

@@ -50,6 +50,10 @@
         {
             "description": "LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD",
             "link": "https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [

events/IAM/CreateLoginProfile.json

@@ -51,6 +51,10 @@
         {
             "description": "Tales from the cloud trenches: Unwanted visitor",
             "link": "https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/"
+        },
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
         }
     ],
     "researchLinks": [

events/IAM/CreatePolicy.json

@@ -0,0 +1,38 @@
+{
+    "eventName": "CreatePolicy",
+    "eventSource": "iam.amazonaws.com",
+    "awsService": "IAM",
+    "description": "Creates a new managed policy for your AWS account.",
+    "mitreAttackTactics": [
+        "TA0004 - Privilege Escalation"
+    ],
+    "mitreAttackTechniques": [
+        "T1098 - Account Manipulation"
+    ],
+    "mitreAttackSubTechniques": [
+        "T1098.003 - Account Manipulation: Additional Cloud Roles"
+    ],
+    "unverifiedMitreAttackTechniques": [],
+    "usedInWild": true,
+    "incidents": [
+        {
+            "description": "New Developments in LLM Hijacking Activity",
+            "link": "https://www.wiz.io/blog/jinx-2401-llm-hijacking-aws"
+        }
+    ],
+    "researchLinks": [],
+    "securityImplications": "Attackers might use CreatePolicy to create new IAM policies that later they can use for potentially granting themselves elevated permissions.",
+    "alerting": [
+        {
+            "type": "cloudwatchCISControls",
+            "value": "https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-4"
+        }
+    ],
+    "simulation": [
+        {
+            "type": "commandLine",
+            "value": "aws iam create-policy --policy-name TrailDiscoverPolicy --policy-document {}"
+        }
+    ],
+    "permissions": "https://aws.permissions.cloud/iam/iam#iam-CreatePolicy"
+}

events/IAM/CreatePolicy.json.cloudtrail

@@ -0,0 +1,47 @@
+[
+   {
+      "awsRegion": "euiso-westwest-1r",
+      "errorCode": "AccessDenied",
+      "errorMessage": "User: arn:aws:sts::186599486980:assumed-role/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11/TrailDiscover is not authorized to perform: iam:CreatePolicy on resource: policy TrailDiscoverPolicy because no identity-based policy allows the iam:CreatePolicy action",
+      "eventCategory": "Management",
+      "eventID": "5de97e56-a296-4e79-9122-e8543a2cb73e",
+      "eventName": "CreatePolicy",
+      "eventSource": "iam.amazonaws.com",
+      "eventTime": "2024-12-15T20:02:24Z",
+      "eventType": "AwsApiCall",
+      "eventVersion": "1.10",
+      "managementEvent": true,
+      "readOnly": false,
+      "recipientAccountId": "186599486980",
+      "requestID": "2639d1f3-1b9d-44d0-8117-d96c2f03411b",
+      "requestParameters": null,
+      "responseElements": null,
+      "sourceIPAddress": "253.236.07.202",
+      "tlsDetails": {
+         "cipherSuite": "TLS_AES_128_GCM_SHA256",
+         "clientProvidedHostHeader": "iam.amazonaws.com",
+         "tlsVersion": "TLSv1.3"
+      },
+      "userAgent": "aws-cli/2.17.32 md/awscrt#0.21.2 ua/2.0 os/linux#100.17.9.229-microsoft-standard-WSL2 md/arch#x86_64 lang/python#3.11.9 md/pyimpl#CPython exec-env/grimoire_26bb1fec-10f7-4d6b-b066-0111a84c7bff cfg/retry-mode#standard md/installer#exe md/distrib#ubuntu.24 md/prompt#off md/command#iam.create-policy",
+      "userIdentity": {
+         "accessKeyId": "ASIA48E5EUGOF4RDUZSA",
+         "accountId": "186599486980",
+         "arn": "arn:aws:sts::186599486980:assumed-role/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11/TrailDiscover",
+         "principalId": "AROAC40R4TTV05DWF5L1H:TrailDiscover",
+         "sessionContext": {
+            "attributes": {
+               "creationDate": "2024-12-15T20:02:14Z",
+               "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+               "accountId": "186599486980",
+               "arn": "arn:aws:iam::186599486980:role/aws-reserved/sso.amazonaws.com/us-westsouth-3r/AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11",
+               "principalId": "AROAC40R4TTV05DWF5L1H",
+               "type": "Role",
+               "userName": "AWSReservedSSO_ReadOnlyAccess_ff7f8c5c5851aa11"
+            }
+         },
+         "type": "AssumedRole"
+      }
+   }
+]