March 27, 2024 at 07:03AM
Researchers warn that threat actors are actively exploiting an unpatched vulnerability in the open-source artificial intelligence platform Anyscale Ray to hijack computing power for illicit cryptocurrency mining, affecting various sectors. The vulnerability, CVE-2023-48022, allows remote attackers to execute arbitrary code, leading to the breach of sensitive data and potential long-term access.
Key takeaways from the meeting notes:
1. Anyscale Ray, an open-source AI platform, is being actively exploited by threat actors to hijack computing power for illicit cryptocurrency mining.
2. The ongoing campaign, codenamed ShadowRay, has been affecting various sectors since September 2023, including education, cryptocurrency, biopharma, and more.
3. The security vulnerability in question is CVE-2023-48022 (CVSS score: 9.8), a critical missing authentication bug that allows remote attackers to execute arbitrary code via the job submission API.
4. Anyscale has stated that it does not plan to fix the issue at this time, citing long-standing design decisions based on security boundaries and deployment best practices.
5. Oligo Security observed the ShadowRay vulnerability being exploited to breach hundreds of Ray GPU clusters, leading to the compromise of sensitive credentials and access to cloud environments from major providers like Amazon Web Services, Google Cloud, and Microsoft Azure.
6. The attackers have been using cryptocurrency miners and open-source tools to remain undetected while monetizing their attacks.
Feel free to reach out if you need additional information or details on this topic.