Attackers are abusing misconfigured JupyterLab and Jupyter Notebook servers to copy streams and enable sports piracy using live stream capture tools.
The attacks involve hijacking unauthenticated Jupyter Notebooks to establish initial access and then performing a series of actions aimed at facilitating the illegal streaming of live sports events, Aqua said in a report shared with The Hacker News.
The covert campaign, which targets interactive environments widely used for data science applications, was discovered by the cloud security company after its decoys were attacked.
“The attacker first updated the server, then downloaded the tool FFmpeg,” said Assaf Morag, director of threat intelligence at cloud security company Aqua. “This action alone is not a strong enough indicator for security tools to flag malicious activity.”
“The attacker then ran FFmpeg to capture live streams of sports events and redirected them to his server.”
In a nutshell, the ultimate goal of the campaign is to download FFmpeg from MediaFire and use it to record live sports feeds from the Qatari network beIN Sports and duplicate the broadcast to their illegal server via ustream(.)tv.
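Because an FFmpeg download on its own is a weak signal, a detection rule can instead look at what FFmpeg is doing and which process started it. The following detection logic is an added example, not taken from Aqua's report: the event fields (`pid`, `parent`, `cmdline`), the process-name and URL-scheme lists, and the sample events are all constructed assumptions.

```python
import shlex
from urllib.parse import urlparse

# Assumed substrings identifying a Jupyter server or kernel as the parent process.
JUPYTER_PARENTS = ("jupyter", "ipykernel")
# Assumed set of URL schemes treated as network media endpoints.
NET_SCHEMES = {"http", "https", "rtmp", "rtmps", "rtsp", "udp", "srt"}

def is_net_url(token):
    return urlparse(token).scheme.lower() in NET_SCHEMES

def classify(event):
    """Return 'relay', 'ffmpeg-under-jupyter' or None for one process event."""
    argv = shlex.split(event["cmdline"])
    if not argv or argv[0].rsplit("/", 1)[-1] != "ffmpeg":
        return None
    if not any(p in event["parent"].lower() for p in JUPYTER_PARENTS):
        return None  # ffmpeg outside Jupyter is out of scope for this rule
    # Inputs follow -i; any other network URL on the command line is an output.
    inputs = [argv[i + 1] for i, t in enumerate(argv[:-1]) if t == "-i"]
    outputs = [t for i, t in enumerate(argv)
               if i > 0 and argv[i - 1] != "-i" and is_net_url(t)]
    if any(is_net_url(u) for u in inputs) and outputs:
        return "relay"  # network stream in, network stream out: high confidence
    return "ffmpeg-under-jupyter"  # weak signal on its own, keep for correlation

def triage(events):
    """Map pid -> verdict for every event that matched the rule."""
    hits = {}
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits[ev["pid"]] = verdict
    return hits

# Constructed sample events; hosts use the reserved .example TLD.
SAMPLE_EVENTS = [
    {"pid": 101, "parent": "jupyter-lab", "cmdline": "apt-get update"},
    {"pid": 102, "parent": "python3 -m ipykernel_launcher",
     "cmdline": "./ffmpeg -i https://tv.example/live.m3u8 -c copy -f flv rtmp://relay.example/live/key"},
    {"pid": 103, "parent": "jupyter-lab",
     "cmdline": "ffmpeg -i talk.mp4 -vf scale=640:-1 talk_small.mp4"},
    {"pid": 104, "parent": "bash",
     "cmdline": "ffmpeg -i https://tv.example/live.m3u8 rtmp://relay.example/live/key"},
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

Only the kernel-spawned process that reads a network stream and writes to another network endpoint is rated `relay`; local transcoding inside a notebook stays a low-confidence hit for correlation with other events.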
It is unclear who is behind the campaign, although there are indications that they may be of Arabic-speaking origin due to one of the IP addresses used (41.200.191(.)23).
“However, it is important to remember that attackers gained access to a server designed for data analysis, which could have serious implications for any organization’s operations,” Morag said.
“Potential risks include denial of service, data manipulation, data theft, damage to AI and throttling processes, lateral movement to more critical environments, and, in the worst-case scenario, significant financial and reputational damage.”