Type: Campaign
Actors: Unknown
Pub. date: November 19, 2024
Initial access: Software misconfig
Impact:
Observed techniques: Jupyter Notebook misconfig abuse
Observed tools: ffmpeg
Targeted technologies: Jupyter Notebook, JupyterLab
References: https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/
Status: Finalized
Last edited: Nov 21, 2024 3:57 PM

Threat actors have developed an attack leveraging misconfigured JupyterLab and Jupyter Notebook servers to conduct illegal live streaming of sports events. By exploiting unauthenticated access to these environments, attackers deploy the open-source tool ffmpeg to capture and redirect live streams, bypassing detection. The operation utilizes unprotected Jupyter servers exposed to the internet, often with weak or no authentication, to execute remote code and hijack resources.
The attackers’ flow involves accessing vulnerable servers, downloading ffmpeg, and streaming content to unauthorized platforms for profit. Evidence links the campaign to Algerian IPs, targeting high-profile sports broadcasts like the UEFA Champions League.
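
A defender can check a server's own configuration for the exposure described above. The following is an added example, not code from the referenced report: it audits a Jupyter config file for disabled authentication and for binding to all interfaces, using Jupyter's `token`, `password` and `ip` settings. The two sample configs are constructed for illustration.

```python
import ast

APPS = {"ServerApp", "NotebookApp"}          # current and legacy class names
ALL_INTERFACES = {"0.0.0.0", "*", "::", ""}  # values that bind every interface


def read_settings(config_text):
    """Collect literal c.<App>.<name> = <value> assignments from a config file."""
    settings = {}
    for node in ast.walk(ast.parse(config_text)):
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            continue
        target = node.targets[0]
        if (isinstance(target, ast.Attribute)
                and isinstance(target.value, ast.Attribute)
                and isinstance(target.value.value, ast.Name)
                and target.value.value.id == "c"
                and target.value.attr in APPS
                and isinstance(node.value, ast.Constant)):
            settings[target.attr] = node.value.value
    return settings


def audit(config_text):
    """Return findings for a server that is reachable and has no login."""
    s = read_settings(config_text)
    findings = []
    # An explicitly empty token turns off token auth; with no password set
    # either, anyone who can reach the port can run code on the host.
    if s.get("token") == "" and not s.get("password"):
        findings.append("authentication disabled (empty token, no password)")
    if s.get("ip") in ALL_INTERFACES:
        findings.append("listening on all interfaces")
    return findings


# Constructed sample configs (not taken from any real host).
EXPOSED = '''
c.ServerApp.ip = "0.0.0.0"
c.ServerApp.token = ""
c.ServerApp.password = ""
'''
HARDENED = '''
c.ServerApp.ip = "127.0.0.1"
c.ServerApp.password = "argon2:<placeholder-hash>"
'''

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

Only literal assignments are read; settings supplied on the command line or through environment variables need to be checked separately.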