Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

News

Aug 03, 2024Ravie LakshmananDDoS Attack / Server Security

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.

The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.

Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin.

Cybersecurity

The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, with the former used to establish connections to a Discord channel and trigger the execution of the mineping.jar package.

“This attack aims to consume the resources of the target server by sending a large number of TCP connection requests,” Aqua researcher Assaf Morag said. “The results are written to the Discord channel.”

Minecraft DDoS Tool

The attack campaign has been attributed to a threat actor who goes by the name yawixooo, whose GitHub account has a public repository containing a Minecraft server properties file.

This is not the first time internet-accessible Jupyter Notebooks have been targeted by adversaries. In October 2023, a Tunisian threat dubbed Qubitstrike was observed breaching Jupyter Notebooks in an attempt to illicitly mine cryptocurrency and breach cloud environments.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk
Fake Donald Trump Assassination Story Used in Phishing Scam
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think
10 Most Impactful PAM Use Cases for Enhancing Organizational Security

Leave a Reply

Your email address will not be published. Required fields are marked *