Cybersecurity researchers have unveiled ShadowRay 2.0, an active hacking campaign exploiting CVE-2023-48022, a vulnerability in the Ray AI framework. Launched by threat actors named IronErn440, the campaign has evolved since its initial discovery, with the attackers employing refined methods to remain unnoticed while commandeering AI computing clusters for cryptocurrency mining.
The extent of exposure has escalated dramatically, with over 230,000 instances of Ray servers currently vulnerable. The attackers use GitLab and GitHub to propagate their malware, showcasing adaptability in their operations. Disturbingly, they use AI to generate payloads that scan for resources and deploy cryptocurrency miners disguised as system processes, improving their chances of evading detection.
Additionally, the campaign shows signs of competition among cybercriminals: scripts are deployed to eliminate competing miners. By modifying geographic targets and continuously updating their methods, these attackers present an evolving threat to AI infrastructure and the global cybersecurity landscape. The sophistication of their operations warrants serious attention from cybersecurity experts.
👉 Read the original: Cyber Security News