Type: Campaign
Actors: PyLoose operator
Pub. date: July 11, 2023
Initial access: Software misconfig
Impact: Resource hijacking
References: https://www.wiz.io/blog/pyloose-first-python-based-fileless-attack-on-cloud-workloads
Status: Stub
Last edited: Jun 2, 2024 8:02 AM

In mid-2023, an unknown, financially motivated threat actor began targeting publicly exposed Jupyter Notebook instances to hijack them for cryptomining. The threat actor deployed a fileless Python tool (dubbed “PyLoose”) that loaded an XMRig miner directly into memory.