Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin.
The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, with the former used to establish connections to a Discord channel and trigger the execution of the mineping.jar package.
“This attack aims to consume the resources of the target server by sending a large number of TCP connection requests,” Aqua researcher Assaf Morag said. “The results are written to the Discord channel.”
The attack campaign has been attributed to a threat actor who goes by the name yawixooo, whose GitHub account has a public repository containing a Minecraft server properties file.
This is not the first time internet-accessible Jupyter Notebooks have been targeted by adversaries. In October 2023, a Tunisian threat dubbed Qubitstrike was observed breaching Jupyter Notebooks in an attempt to illicitly mine cryptocurrency and breach cloud environments.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
