Hackers have launched a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The attack, codenamed Panamorfi, leverages a Java-based tool originally designed for Minecraft game servers to flood targets with TCP connection requests.
Key Takeaways
Target: Misconfigured Jupyter Notebooks
Tool Used: Java-based mineping, originally for Minecraft servers
Method: Exploitation of internet-exposed Jupyter Notebook instances
Objective: Consume server resources via TCP flood DDoS attack
Threat Actor: Identified as yawixooo
Attack Details
Cybersecurity researchers from Aqua have disclosed that the Panamorfi campaign uses a tool called mineping to launch TCP flood DDoS attacks. Mineping, a DDoS package designed for Minecraft servers, is repurposed to exploit Jupyter Notebooks exposed to the internet.
The attack chain begins with the exploitation of these Jupyter Notebook instances to run commands, which fetch a ZIP archive from a file-sharing site called Filebin. This ZIP file contains two Java archive (JAR) files: and . The file establishes connections to a Discord channel and triggers the execution of the package.
Execution and Impact
The primary aim of this attack is to consume the resources of the target server by sending a large number of TCP connection requests. The results of these attacks are then written to a Discord channel, providing real-time updates to the threat actor.
The campaign has been attributed to a threat actor known as yawixooo, who has a public repository on GitHub containing a Minecraft server properties file. This is not the first time Jupyter Notebooks have been targeted; in October 2023, a Tunisian threat actor named Qubitstrike was observed breaching Jupyter Notebooks to mine cryptocurrency and breach cloud environments.
The Panamorfi campaign highlights the ongoing risks associated with misconfigured internet-exposed services. Organizations using Jupyter Notebooks should ensure proper configuration and security measures to mitigate such threats.
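The misconfiguration this campaign depends on can be checked for directly. The following is an added example, not code from the original article or from Aqua's research: a static audit of a Jupyter configuration file that flags a server listening on all interfaces with authentication switched off. It assumes the standard `c.NotebookApp.*` / `c.ServerApp.*` configuration traits; the function names and both sample configurations are constructed for illustration.

```python
import ast

APPS = {"NotebookApp", "ServerApp"}          # classic notebook / jupyter_server
ALL_INTERFACES = {"", "*", "0.0.0.0", "::"}  # values that bind every interface
UNKNOWN = object()                           # value computed at runtime, not a literal

def read_settings(config_text):
    """Collect `c.<App>.<trait> = <literal>` assignments without executing the file."""
    settings = {}
    for node in ast.walk(ast.parse(config_text)):
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        t = node.targets[0]
        if (isinstance(t, ast.Attribute) and isinstance(t.value, ast.Attribute)
                and isinstance(t.value.value, ast.Name)
                and t.value.value.id == "c" and t.value.attr in APPS):
            try:
                settings[t.attr] = ast.literal_eval(node.value)
            except (ValueError, TypeError, SyntaxError):
                settings[t.attr] = UNKNOWN
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means none of the checks fired."""
    s = read_settings(config_text)
    exposed = str(s.get("ip", "localhost")) in ALL_INTERFACES
    # Token auth is on by default; it is off only when explicitly set to "".
    no_auth = s.get("token") == "" and not s.get("password")
    findings = []
    if exposed:
        findings.append("listens on all interfaces")
    if no_auth:
        findings.append("token and password authentication disabled")
    if exposed and no_auth:
        findings.append("CRITICAL: unauthenticated code execution reachable from the network")
    if s.get("allow_root") is True:
        findings.append("server allowed to run as root")
    if s.get("disable_check_xsrf") is True:
        findings.append("XSRF check disabled")
    return findings

# Constructed sample configurations (not taken from any real deployment).
WEAK = ('c.NotebookApp.ip = "0.0.0.0"\nc.NotebookApp.token = ""\n'
        'c.NotebookApp.password = ""\nc.NotebookApp.allow_root = True\n')
HARDENED = 'c.ServerApp.ip = "127.0.0.1"\n'  # default random token left enabled

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

A clean result here only covers the configuration file; command-line flags and network controls in front of the server still need to be reviewed separately.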