Type
Campaign
Actors
Pub. date
July 11, 2023
Initial access
Software misconfig
Impact
Resource hijacking
Status
Stub
Last edited
Jun 2, 2024 8:02 AM
In mid-2023, an unknown financially-motivated threat actor began targeting publicly exposed Jupyter Notebook instances to hijack them for running cryptomining operations. The threat actor deployed a fileless Python tool (dubbed “PyLoose”) that loaded an XMRig miner directly into memory.