Type: Campaign
Actors:
Pub. date: November 19, 2024
Initial access: Software misconfig
Impact:
Observed techniques:
Observed tools:
Targeted technologies:
References:
Status: Finalized
Last edited: Nov 21, 2024 3:57 PM

Threat actors have developed an attack leveraging misconfigured JupyterLab and Jupyter Notebook servers to conduct illegal live streaming of sports events. By exploiting unauthenticated access to these environments, attackers deploy the open-source tool ffmpeg to capture and redirect live streams, bypassing detection. The operation utilizes unprotected Jupyter servers exposed to the internet, often with weak or no authentication, to execute remote code and hijack resources.
The attackers’ flow involves accessing vulnerable servers, downloading ffmpeg, and streaming content to unauthorized platforms for profit. Evidence links the campaign to Algerian IPs, targeting high-profile sports broadcasts like the UEFA Champions League.
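
The misconfiguration described above (a Jupyter server reachable from the internet with no authentication) can be checked for in a server's config file. The following is an added example, not code from the original report: it assumes the weakness shows up as the Jupyter settings `c.ServerApp.token`, `c.ServerApp.password` and `c.ServerApp.ip` (or their `NotebookApp` equivalents), which the report itself does not name, and the two sample configs are constructed.

```python
import ast

AUTH_CLASSES = ("NotebookApp", "ServerApp")
ALL_INTERFACES = {"0.0.0.0", "::", "*", ""}

def read_settings(config_text):
    """Collect literal `c.<Class>.<trait> = <value>` assignments from a Jupyter config file."""
    settings = {}
    for node in ast.walk(ast.parse(config_text)):
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            continue
        t = node.targets[0]
        if (isinstance(t, ast.Attribute) and isinstance(t.value, ast.Attribute)
                and isinstance(t.value.value, ast.Name) and t.value.value.id == "c"):
            try:
                settings[(t.value.attr, t.attr)] = ast.literal_eval(node.value)
            except ValueError:
                pass  # computed value (e.g. a function call); not evaluated here
    return settings

def audit(config_text):
    """Return findings for a server that accepts requests without any credential."""
    s = read_settings(config_text)
    findings = []
    for cls in AUTH_CLASSES:
        token_off = s.get((cls, "token")) == ""    # unset means an auto-generated token
        no_password = not s.get((cls, "password"))  # unset or empty: no password login
        exposed = s.get((cls, "ip"), "localhost") in ALL_INTERFACES
        if token_off and no_password:
            findings.append(f"{cls}: token auth disabled and no password set")
            if exposed:
                findings.append(f"{cls}: unauthenticated server listens on all interfaces")
    return sorted(findings)

# Constructed sample configs (not taken from any real host).
WEAK = """
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.token = ''
c.ServerApp.password = ''
"""
HARDENED = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = 'argon2:<constructed-placeholder-hash>'
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

The check reads only literal assignments in the file; values supplied on the command line or through environment variables are outside its scope.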