SilverInc
SilverInc is a criminal resale service associated with Pillar Security’s reported “Bizarre Bazaar” campaign targeting exposed or weakly authenticated LLM infrastructure. According to the provided content, SilverInc operates the commercial service at silver[.]inc, markets it on Telegram and Discord, and resells unauthorized access to AI infrastructure in exchange for cryptocurrency or PayPal payments. The service promotes a project called “NeXeonAI,” advertised as a unified AI infrastructure providing access to more than 50 AI models from leading providers. The broader campaign targeted exposed self-hosted LLM deployments, unauthenticated Ollama endpoints on port 11434, OpenAI-compatible APIs on port 8000, publicly accessible MCP servers, and unauthenticated production chatbots. Reported objectives included stealing compute for cryptomining, reselling API access, exfiltrating prompt and conversation data, and attempting internal pivoting via MCP servers. Pillar Security assessed a three-actor criminal supply chain consisting of a scanner, a validator, and a reseller; SilverInc corresponds to the reseller role. The operation was attributed in the content to aliases including Hecker, Sakuya, and LiveGamer101.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.