Carding Forum
Professional
Minecraft and Discord have become the main tools for conducting DDoS attacks.
AquaSec experts have identified a new DDoS attack campaign called "Panamorfi". These attacks use a package called " mineping.jar", written in Java and designed to launch DDoS attacks like TCP flood. It is noteworthy that Mineping was originally developed for Minecraft servers.
The chain of attacks begins by exploiting open instances of Jupyter Notebook on the Internet to execute wget commands to download a ZIP archive hosted on the Filebin site. The ZIP archive contains two JAR files: "conn.jar" and "mineping.jar". The first one is used to establish connections to the Discord channel and directly launch package execution "mineping.jar".
According to Aqua researcher Assaf Morag, the purpose of the attack is to consume the resources of the target server by sending a large number of requests to establish TCP connections. The results of the attack are displayed in a separate Discord channel.
This malicious campaign is attributed to an attacker under the pseudonym "yawixooo", whose GitHub account contains a public repository with a Minecraft server configuration file.
This is not the first time that instances of Jupyter Notebook that are open to access from the Internet have become a target for attacks. In October 2023, for example, Cado Security experts identified a Qubitstrike campaign organized by a Tunisian group that tried to use Jupyter Notebook for illegal cryptocurrency mining and hacking into cloud environments.
Researchers warn that attacks on Jupyter Notebook are becoming more frequent and sophisticated. IT professionals need to pay special attention to the configuration and security of these tools in order to prevent similar incidents in the future.
Source
AquaSec experts have identified a new DDoS attack campaign called "Panamorfi". These attacks use a package called " mineping.jar", written in Java and designed to launch DDoS attacks like TCP flood. It is noteworthy that Mineping was originally developed for Minecraft servers.
The chain of attacks begins by exploiting open instances of Jupyter Notebook on the Internet to execute wget commands to download a ZIP archive hosted on the Filebin site. The ZIP archive contains two JAR files: "conn.jar" and "mineping.jar". The first one is used to establish connections to the Discord channel and directly launch package execution "mineping.jar".
According to Aqua researcher Assaf Morag, the purpose of the attack is to consume the resources of the target server by sending a large number of requests to establish TCP connections. The results of the attack are displayed in a separate Discord channel.
This malicious campaign is attributed to an attacker under the pseudonym "yawixooo", whose GitHub account contains a public repository with a Minecraft server configuration file.
This is not the first time that instances of Jupyter Notebook that are open to access from the Internet have become a target for attacks. In October 2023, for example, Cado Security experts identified a Qubitstrike campaign organized by a Tunisian group that tried to use Jupyter Notebook for illegal cryptocurrency mining and hacking into cloud environments.
Researchers warn that attacks on Jupyter Notebook are becoming more frequent and sophisticated. IT professionals need to pay special attention to the configuration and security of these tools in order to prevent similar incidents in the future.
Source
