Cryptojacking Malware Campaign Targeting Jupyter to Steal Credentials & Access Cloud Services

Cado Security has discovered a new cryptojacking campaign targeting exposed Jupyter Notebooks, commonly deployed in cloud environments, with providers such as Google and AWS offering them as managed services. This campaign is particularly “cloud-y” – not only is it targeting Jupyter, but the malware developer is deliberately trying to steal cloud credentials. Cado even saw attempts to use these credentials to access cloud services.

The payloads for the campaign are all hosted on codeberg.org, a code-hosting platform that provides much the same functionality as GitHub; this is the first time Cado researchers have encountered it in an active malware campaign. The malware includes relatively sophisticated command and control (C2) infrastructure: the controller uses Discord's bot functionality to issue commands to compromised nodes and to monitor the campaign's progress.

The Qubitstrike attackers (Qubitstrike being the name the developer gave the malware) specifically seek Cloud Service Provider (CSP) credentials. Cado observed the attackers attempting to use stolen CSP credentials for further exploitation.

You can read the report here.
