Cybersecurity researchers have disclosed particulars of a brand new distributed denial-of-service (DDoS) assault marketing campaign focusing on misconfigured Jupyter Notebooks.
The exercise, codenamed Panamorfi by cloud safety agency Aqua, makes use of a Java-based device known as mineping to launch a TCP flood DDoS assault. Mineping is a DDoS package deal designed for Minecraft sport servers.
Assault chains entail the exploitation of internet-exposed Jupyter Pocket book situations to run wget instructions for fetching a ZIP archive hosted on a file-sharing website known as Filebin.
The ZIP file incorporates two Java archive (JAR) information, conn.jar and mineping.jar, with the previous used to ascertain connections to a Discord channel and set off the execution of the mineping.jar package deal.
“This assault goals to eat the sources of the goal server by sending numerous TCP connection requests,” Aqua researcher Assaf Morag stated. “The outcomes are written to the Discord channel.”
The assault marketing campaign has been attributed to a menace actor who goes by the title yawixooo, whose GitHub account has a public repository containing a Minecraft server properties file.
This isn’t the primary time internet-accessible Jupyter Notebooks have been focused by adversaries. In October 2023, a Tunisian menace dubbed Qubitstrike was noticed breaching Jupyter Notebooks in an try to illicitly mine cryptocurrency and breach cloud environments.