Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Technology

Aug 03, 2024Ravie LakshmananDDoS Attack / Server Security

Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.

The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.

Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin.

Cybersecurity

The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, with the former used to establish connections to a Discord channel and trigger the execution of the mineping.jar package.

“This attack aims to consume the resources of the target server by sending a large number of TCP connection requests,” Aqua researcher Assaf Morag said. “The results are written to the Discord channel.”

Minecraft DDoS Tool

The attack campaign has been attributed to a threat actor who goes by the name yawixooo, whose GitHub account has a public repository containing a Minecraft server properties file.

This is not the first time internet-accessible Jupyter Notebooks have been targeted by adversaries. In October 2023, a Tunisian threat dubbed Qubitstrike was observed breaching Jupyter Notebooks in an attempt to illicitly mine cryptocurrency and breach cloud environments.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Read original source here.

Products You May Like

Articles You May Like

‘S.T.A.L.K.E.R. 2’ Makes the War in Ukraine Into a Playable Nightmare
Movie Review: ‘Wicked’ | Moviefone
Super Micro hires new auditor to maintain Nasdaq listing; shares pop
Utah Bans 14th Book From Schools Statewide
Trump picks Scott Bessent to serve as treasury secretary – NBC Los Angeles