heroui logo

AWS Bedrock API Key Used for Destructive or Anti-Recovery Action

Elastic Detection Rules

View Source
Summary
Detects usage of Amazon Bedrock API keys (bearer tokens) to perform destructive or anti-recovery control-plane actions in AWS Bedrock. The rule relies on CloudTrail data and flags requests where additionalEventData.callWithBearerToken is true, indicating bearer-token usage intended for model invocation. It matches specific destructive actions such as DeleteGuardrail, DeleteModelInvocationLoggingConfiguration, PutModelInvocationLoggingConfiguration, DeleteImportedModel, DeleteCustomModel, DeleteModelCustomizationJob, DeleteProvisionedModelThroughput, and DeleteMarketplaceModelEndpoint, regardless of outcome, since a failed attempt can still indicate credential abuse. This behavior is inconsistent with the intended purpose of Bedrock API keys and is characteristic of LLMjacking or sabotage after credential theft. The rule maps detected activity to MITRE ATT&CK techniques Data Destruction (T1485) and Impair Defenses / Disable or Modify Tools (T1562.001). It is intended for CloudTrail logs ingested via the Elastic AWS integration and is considered high-severity with a risk score of 73. The rule supports incident response by guiding triage steps, potential false positives, and remediation actions. False positives can arise from sanctioned automation; validation should confirm the principal (aws.cloudtrail.user_identity.arn), the resource being changed (aws.cloudtrail.request_parameters), and whether the action was expected. Remediation includes revoking the Bedrock API key (inline deny on bedrock:CallWithBearerToken or deactivating the credential), restoring deleted resources or re-enabling logging, rotating keys, and reviewing related activity for persistence indicators.
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
ATT&CK Techniques
  • T1485
  • T1562
  • T1562.001
Created: 2026-07-06