Self-replicating botnet attacks Ray clusters
Briefly

"Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks. Oligo Security bug hunters say the ongoing campaign, which they've named ShadowRay 2.0, has been active since at least September 2024. The attacks exploit CVE-2023-48022, a critical - and unpatched - vulnerability in Ray, an open source distributed computing framework for AI workloads that's used by major tech companies, including Amazon, Apple, and OpenAI."
"This is the same flaw Oligo previously reported as being under exploitation in late 2023. At the time, the application security firm dubbed the vulnerability ShadowRay. The security hole, which received a 9.8 CVSS rating, allows remote attackers to execute arbitrary code via an exposed Ray dashboard API. It remains unpatched because Anyscale, the vendor that developed the framework, maintains that Ray is not intended for use outside a "strictly controlled network environment," and, as such, the bug report is irrelevant. In October, Anyscale handed off Ray to the Linux Foundation's PyTorch Foundation, which is now responsible for maintaining the open source project."
""The latest campaign represents a major evolution from our initial ShadowRay discovery," Oligo researchers Avi Lumelsky and Gal Elbaz wrote in a Tuesday blog post. While it shares some similarities with the initial attacks, it's being carried out by a different attacker or group using different techniques. "The attackers, operating under the name IronErn440, have turned Ray's legitimate orchestration features into tools for a self-propagating, globally cryptojacking op"
Internet-facing Ray clusters are under active attack by a campaign named ShadowRay 2.0, observed since at least September 2024. The campaign exploits CVE-2023-48022, a critical, unpatched Ray vulnerability rated 9.8 CVSS that enables remote arbitrary code execution via an exposed dashboard API. The same flaw was previously abused in late 2023 and remains unpatched because the Ray vendor asserts the framework is intended only for strictly controlled networks. Anyscale transferred Ray to the Linux Foundation's PyTorch Foundation in October. Attackers using the name IronErn440 convert Ray orchestration features into a self-propagating cryptojacking botnet that also steals data and launches DDoS attacks.
Read at Theregister