Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and allow sports activities piracy utilizing reside streaming seize instruments.
The assaults contain the hijack of unauthenticated Jupyter Notebooks to ascertain preliminary entry, and carry out a sequence of actions designed to facilitate unlawful reside streaming of sports activities occasions, Aqua mentioned in a report shared with The Hacker Information.
The covert piracy marketing campaign inside interactive environments broadly used for knowledge science functions was found by the cloud safety agency following an assault in opposition to its honeypots.
“First, the attacker updated the server, then downloaded the tool FFmpeg,” Assaf Morag, director of risk intelligence at cloud safety agency Aqua. “This action alone is not a strong enough indicator for security tools to flag malicious activity.”
“Next, the attacker executed FFmpeg to capture live streams of sports events and redirected them to their server.”
In a nutshell, the tip aim of the marketing campaign is to obtain FFmpeg from MediaFire and use it to document reside sports activities occasions feeds from the Qatari beIN Sports activities community and duplicate the printed on their unlawful server through ustream[.]television.
It isn’t clear who’s behind the marketing campaign, though there are indications that they could possibly be of Arab-speaking origin owing to one of many IP addresses used (41.200.191[.]23).
“However, it’s crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization’s operations,” Morag mentioned.
“Potential risks include denial-of-service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments, and, in the worst-case scenario, substantial financial and reputational damage.”
