Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.
The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The Hacker News.
The covert piracy campaign within interactive environments widely used for data science applications was discovered by the cloud security firm following an attack against its honeypots.
“First, the attacker updated the server, then downloaded the tool FFmpeg,” Assaf Morag, director of threat intelligence at cloud security firm Aqua. “This action alone is not a strong enough indicator for security tools to flag malicious activity.”
“Next, the attacker executed FFmpeg to capture live streams of sports events and redirected them to their server.”
In a nutshell, the end goal of the campaign is to download FFmpeg from MediaFire and use it to record live sports events feeds from the Qatari beIN Sports network and duplicate the broadcast on their illegal server via ustream[.]tv.
It’s not clear who is behind the campaign, although there are indications that they could be of Arab-speaking origin owing to one of the IP addresses used (41.200.191[.]23).
“However, it’s crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization’s operations,” Morag said.
“Potential risks include denial-of-service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments, and, in the worst-case scenario, substantial financial and reputational damage.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
The Hacker News
