Cybersecurity researchers have revealed details of a new Distributed Denial of Service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
Activity, code name Panamorphic By cloud security firm Aqua, uses a Java-based tool called mining A TCP flood to launch a DDoS attack. Mining is a DDoS package designed for Minecraft game servers.
The attack chains exploit Internet-exposed Jupyter Notebook instances to run widget commands to retrieve a ZIP archive hosted on a file-sharing site called FileBin.
The zip file contains two Java Archive (JAR) files, conn.jar and mineping.jar, which are used to establish a connection to the Discord channel and trigger the mineping.jar package’s execution.
“The aim of this attack is to consume the target server’s resources by sending a large number of TCP connection requests,” Aqua researcher Asaf Morag said. said. “Results are posted on the Discord channel.”
The attack campaign has been attributed to a threat actor known as Somewhose GitHub account has a public repository containing the Minecraft server properties file.
This is not the first time that an Internet-accessible Jupyter Notebook has been targeted by adversaries. In October 2023, a Tunisian threat was dubbed. Qubitstrike Jupyter Notebooks were seen to be breached in an attempt to illegally mine cryptocurrency and breach cloud environments.