AI Framework Fiasco: ShadowRay 2.0 Exploits Old Vulnerability for Cryptojacking Chaos!
Threat actors are exploiting a vulnerability in the Ray AI framework, known as CVE-2023-48022, in a campaign called ShadowRay 2.0. By hijacking Python-based AI clusters, they’ve turned them into crypto-mining machines. Using AI-generated payloads, they’re essentially running the DevOps of cybercrime, proving that even AI can have a rebellious streak!

Hot Take:
Oh, Ray! It seems your clusters have become the new hot spot for digital squatters. Who knew AI infrastructure could be so hospitable to cybercriminals? It’s like leaving the door wide open and wondering why there’s a party going on in your living room. Pro tip: Have you tried locking the door? Anyscale might want to consider hiring an AI security consultant, preferably one who has a thing for virtual locksmithing. Meanwhile, the cyber attackers have rolled out the red carpet for their crypto-mining gala, complete with orchestration and a DDoS fireworks show. Bravo!

Key Points:
– A two-year-old vulnerability, CVE-2023-48022, in the Ray AI framework is being exploited by threat actors.
– The vulnerability allows remote, unauthenticated code execution via the Jobs API.
– The latest campaign, dubbed ShadowRay 2.0, involves cryptojacking and DDoS attacks.
– Attackers have used legitimate code-sharing platforms like GitLab and GitHub for payload delivery.
– Over 230,000 Ray servers have been compromised, affecting startups and research organizations.
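
Because the flaw is reached through an unauthenticated Jobs API, a quick defensive check is whether that API is listening beyond loopback on your own Ray hosts. The sketch below is an added example, not code from the article or from Ray: it parses `ss -H -ltn` output and assumes the dashboard, which serves the Jobs API, is on Ray's default port 8265 (the port is not stated above). The sample input is constructed.

```python
import ipaddress

# Assumption: Ray's dashboard (which serves the Jobs API) uses its default
# port 8265. Change this if your cluster sets a different dashboard port.
RAY_DASHBOARD_PORT = 8265

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8265 0.0.0.0:*
LISTEN 0 128 [::1]:8265 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""

def split_local(addr_port):
    """Split ss's local-address column into (host, port)."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return host, int(port)

def is_loopback(host):
    """True only for loopback binds; '*' is ss's dual-stack wildcard."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def exposed_listeners(ss_output, port=RAY_DASHBOARD_PORT):
    """Return local addresses where `port` is bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blanks and non-listening sockets
        host, local_port = split_local(fields[3])
        if local_port == port and not is_loopback(host):
            findings.append(fields[3])
    return findings

if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"Ray dashboard/Jobs API bound beyond loopback: {addr}")
```

A non-loopback bind is not by itself proof of internet exposure; confirm against firewall and security-group rules for the same port.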
