Type
Campaign
Actors
Unknown
Pub. date
December 28, 2022
Initial access
Software misconfigWeb vulnerability
Impact
Data exfiltration
Observed techniques
Jupyter Notebook misconfig abuse
Targeted technologies
Jupyter Notebook
References
https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign/
Status
Finalized
Last edited
Jun 2, 2024 8:02 AM
Permiso identified a credential harvesting campaign targeting cloud infrastructure for the purpose of harvesting credentials. The majority of the victim system were running public facing Juptyer Notebooks. At the time of writing there were about 50 compromised systems. The initial infection for the compromised systems is not currently known, though suspected to be related to exploitation of vulnerable web applications.
The majority of the victims are running public facing Jupyter Notebooks or Kubenertes; at least 21 of the victims are running a publicly accessible Jupyter Notebooks instance.