ShadowRay 2.0: The Unstoppable Bug that’s Turning Ray Clusters into a Cryptomining Circus
Malefactors are exploiting a critical vulnerability in Ray, an AI framework, to spread the ShadowRay 2.0 botnet. This unpatched flaw allows attackers to execute code through Ray’s dashboard API, using its orchestration features for a global cryptojacking operation. Despite GitHub’s intervention, the campaign remains resilient and active, affecting thousands of clusters worldwide.

Hot Take:
**_The good news is that open-source technology is making AI accessible to everyone. The bad news? It turns out “everyone” includes mischievous hackers who think mining cryptocurrency and staging DDoS attacks are productive uses of their time. So, while Ray was designed for a “strictly controlled network environment,” it seems the only thing being strictly controlled is the flow of cryptocurrency into the attackers’ digital wallets._**

Key Points:
– ShadowRay 2.0 exploits a critical, unpatched vulnerability in Ray, impacting major tech companies.
– The notorious CVE-2023-48022 flaw allows attackers to execute arbitrary code via the Ray dashboard API.
– The campaign, led by IronErn440, hijacks Ray clusters for cryptomining and DDoS attacks.
– Attackers have moved their operations from GitLab to GitHub, continuing their malicious activities.
– The exploitation leverages Ray’s features, posing a configuration vulnerability rather than a traditional flaw.
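
Because the exposure described above is a matter of how the dashboard is bound rather than a code defect, a defender can audit `ray start` invocations for head nodes whose dashboard listens beyond loopback. The following is an added example, not code from the Ray project or from the original article; the function names and sample command lines are constructed, and it assumes Ray's documented `--dashboard-host` and `--dashboard-port` flags with their defaults of localhost and 8265.

```python
import ipaddress
import shlex

DEFAULT_HOST, DEFAULT_PORT = "127.0.0.1", 8265  # documented `ray start` defaults

def dashboard_bind(cmdline):
    """Return (host, port) the dashboard would bind to for a `ray start` line."""
    host, port = DEFAULT_HOST, DEFAULT_PORT
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if not sep:  # "--flag value" form: the value is the next token, if any
            value = args[i + 1] if i + 1 < len(args) else ""
        if name == "--dashboard-host" and value:
            host = value
        elif name == "--dashboard-port" and value.isdigit():
            port = int(value)
    return host, port

def is_exposed(host):
    """True when the bind address is reachable from outside the local machine."""
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # unresolved hostname: treat as exposed until verified

def audit(cmdlines):
    """Return (cmdline, host, port) for each head node with an exposed dashboard."""
    findings = []
    for line in cmdlines:
        if "--head" not in shlex.split(line):
            continue  # the dashboard server runs on the head node only
        host, port = dashboard_bind(line)
        if is_exposed(host):
            findings.append((line, host, port))
    return findings

# Constructed sample input, not taken from any real cluster.
SAMPLE = [
    "ray start --head --port=6379",
    "ray start --head --dashboard-host=0.0.0.0 --dashboard-port=8265",
    "ray start --head --dashboard-host 10.0.4.17",
    "ray start --address=10.0.4.17:6379",
]

if __name__ == "__main__":
    for line, host, port in audit(SAMPLE):
        print(f"EXPOSED {host}:{port}  <- {line}")
```

A finding here means only that the dashboard is bound to a non-loopback address; whether it is reachable from untrusted networks still depends on firewall and security-group rules.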
