Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…

Aqua Nautilus’ research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams. Learn about the techniques used, the risks involved, and how to protect your organization from similar attacks.

Cybersecurity researchers at Aqua Nautilus uncovered a novel attack technique where threat actors exploited misconfigured JupyterLab and Jupyter Notebook servers to illegally stream sports events, drop live streaming capture tools, and duplicate broadcasts on their illegal server, causing stream ripping.

Unfortunately, illegal live streaming of sports events is a growing issue, impacting broadcasters, leagues, and legitimate platforms. With readily available streaming tools and high-speed internet, unauthorized broadcasts are flourishing, causing financial losses for both major leagues and smaller teams dependent on viewership revenue.

The targeted source streamed the UEFA Champions League match between Shakhtar Donetsk and BSC Young Boys on November 6, 2024 (Screenshot: Aqua Nautilus)

“The problem is widespread, with 5.1 million adults in England, Scotland, and Wales admitting to watching an illegal stream during the first six of last year,” researchers noted in the blog post. 

In this instance, the red flag was the seemingly harmless tool, ffmpeg. This open-source software is widely used for video processing and streaming. While threat intelligence confirmed its legitimacy, closer inspection revealed a twist. The attackers exploited misconfigured JupyterLab and Jupyter Notebook environments to gain access and deploy ffmpeg for live stream ripping.

The attack started with exploiting unauthenticated access to JupyterLab or Jupyter Notebook, which allowed remote code execution. The attackers then updated the server and downloaded ffmpeg, which was repurposed to capture live sports streams and redirect them to a malicious server. 

This reveals that the MITRE ATT&CK framework was used in an attack, where adversaries gained access through misconfigured Jupyter Notebook and JupyterLab environments. Attackers installed and ran ffmpeg, exfiltrated video content, and used the victim’s bandwidth to transfer the stolen streaming data.

This exploitation can result in “denial of service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments and, in the worst-case scenario, substantial financial and reputational damage,” researchers explained.

Attack flow (Screenshot: Aqua Nautilus)

Though seemingly minor in its immediate impact on organizations, the attack indicates the importance of behavioural analysis. Traditional security solutions might overlook such activity. However, the unusual deployment and execution of ffmpeg for live-stream capture alerted Aqua Nautilus’ security team. By analyzing network traffic, files, and memory dumps, Aqua Nautilus was able to reconstruct the entire attack sequence.

Undoubtedly, JupyterLab and Jupyter Notebook are valuable assets for data scientists, but security shortcomings can leave them vulnerable. Often, these servers are managed by individuals without a strong security background.

Leaving them connected to the internet with open access or weak firewalls allows threat actors to exploit them for attack. Token mishandling is another concern, as exposed tokens can grant full access. Thankfully, implementing best practices like restricted IPs, strong authentication, HTTPS, and proper token management can greatly lower these risks.

1.  New Jupyter infostealer delivered through the MSI installer
2.  Qubitstrike Malware Hits Jupyter Notebooks for Cloud Data
3.  New Jupyter backdoor malware steals Chrome, Firefox data
4.  NTLM Credential Theft in Python Apps Risk Windows Security
5.  PythonAnywhere Cloud Platform Abused to Host Ransomware

Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming

People are receiving disturbing emails that appear to imply something has happened to their friend or family member.

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end.

It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves.

A co-worker who received such an email pointed it out to our team. Looking around, I found the first report about such an email in a tweet dating back to February 5, 2024.

With some more information about what I was looking for, I managed to find several more.

There is a great deal of variation between the emails, but we do have enough samples to show you a pattern which looks like this:

Subject: Sad announcement: <First name><Last name>

Sometimes the colon is replaced by the word “from”.

Then a short sentence to pique the reader’s curiosity, which often references photos. Here are some examples:

> “When you open them you will see why I actually wanted to share them with you today”
> 
> “Never thought I would want to share these images with you, anyways here they are”
> 
> “I’m presuming you should remember these two ladies, in that photo”
> 
> “When I was looking through some old folders I found these 3 pics”
> 
> “it wasn’t initially my plan, but I had to change my mind about it”
> 
> “Two pictures that I wanted to share with you. They’re likely to bring a flood of memories to you, as they did to me…”
> 
> “Probably should have contacted you a little bit earlier. Anyways just wanted to keep you updated”

This is then immediately followed by a link. These also follow a certain pattern:

gjsqr.hytsiysx.com

tmdlod.vdicedohf.com

gtfhq.rmldxkff.com

pdbh.ramahteen.com

owwiu.dexfyerd.com

roix.unrgagceso.com

yrlbi.vohdsniuz.com

uqjk.mbafwnds.com

vjdbd.hhesdeh.com

mbjzo.enexoo.com

These domains are all registered with NameCheap and are only active for a few days.

To close the emails off, the scammers end with a quote in the format:

> “You do not find the happy life. You make it.” –  Camilla Eyring Kimball

The sender addresses are spoofed to look like they were coming from family or friends of the target. The actual sender addresses are compromised accounts from all over the world.

The campaign looks to have targeted mainly the US, but I also found some located in Ireland and the UK and some odd ones in India and Italy.

So, the question is, what are they after? The short-lived domains really made it hard for me to figure that out. It took me quite a bit to find a domain that was still active, but then I knew soon enough what the end-goal of the spammers was.

A short chain of redirects sent me to https://niceandsafetystore0990.blob.core.windows[.]net/niceandsafetystore0990/index.html which is now blocked by Malwarebytes Browser Guard.

The blob.core.windows.net subdomains are unique identifiers for Azure Blob Storage accounts. They follow this format:

<storageaccountname>.blob.core.windows.net

Where <storageaccountname> is the name of the specific Azure Storage account. Spammers like using them because the windows.net part of the domain makes them look trustworthy.

The website itself probably looks familiar to a lot of readers: A fake online Windows Defender scan.

The fake Windows Defender site shows that your system is infected with loads of threats.

Funny enough the site claims to be Windows Defender, but uses Malwarebytes’ detection names. For example: Microsoft does not detect the Potentially Unwanted Program which Malwarebytes detects as PUP.Optional.RelevantKnowledge.

Anyway, the website quickly takes up the entire screen, so you have to click or hold (depending on your browser) the ESC button to get back the controls that allow you to close the website.

Now that you have seen the patterns in the email, we hope that you will refrain from clicking the links. The redirect chain can be changed and may be different for your location and type of system. So, there may be more serious consequences than an annoying website.

**How to avoid the “sad announcement” scam**

*   Always compare the actual sender address with the email address this person would normally use to send you an email.
*   Never click on link in an unsolicited email before checking with the sender.
*   Don’t call the phone numbers displayed on the website, because they will try to defraud you.
*   If in doubt, contact your friend via another, trusted method

If your browser or mobile device “locks up”, meaning you’re no longer able to navigate away from a virus warning, you’re likely looking at a tech support scam. If something claims to show the files and folders from inside of your browser, this is another signal that you’re on a fake page. Close the browser if possible or restart your device if this doesn’t work.

Despite the occasional arrests and FTC fines for tech support scammers and their henchmen, there are still plenty of cybercriminals active in this field. Scams range from unsolicited calls offering help with your “infected” computer to fully-fledged websites where you can purchase heavily over-priced versions of legitimate security software.

Unfortunately for some people these warnings may have come too late. So what should you do if you have fallen victim to a tech support scam? Here are a few pointers:

*   Have you already paid? Contact your credit card company or bank and let them know what’s happened. You may also need to file a complaint with the FTC or contact your local law enforcement agency, depending on your region.
*   If you’ve shared your password with a scammer, change it on every account that uses this password. Consider using a password manager and enable 2FA for important accounts.
*   Scan your device. If scammers have had access to your system, they may have planted a backdoor so they can revisit whenever they feel like it. Malwarebytes can remove backdoors and other software left behind by scammers.
*   Keep an eye out for unexpected payments. Be on the lookout for suspicious charges/payments on your credit cards and bank accounts so you can revert and stop them.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 “Sad announcement” email leads to tech support scam 

Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.

Source: CG Alex via Shutterstock

Every night for five years, computers and network appliances from the headquarters of the African Union in Ethiopia — a facility built by Chinese firms — reportedly reached out to China-based systems and uploaded sensitive data. The espionage through the technology supply chain, which China's government denies, undermined the security of the pan-African organization.

The incident and more recent supply-chain breaches have underscored that reliance on foreign technological supply chains carries with it significant risks. While using a technology supply chain anchored in China was seen as a less constrained option than US and European options, the truth is that African nations need to evaluate the security of all their supply chains across applications, consumer devices, infrastructure, and service providers, according to a report published by the Africa Center for Strategic Studies, a research and academic center funded by the US Department of Defense.

"I don't think there's an African country that doesn't have some kind of interest in fostering a more robust technology industry and finding various ways to exert more ownership and agency over various aspects of the technology sector," says Nate Allen, associate professor at the Africa Center for Strategic Studies and the author of the report. "You are seeing increasing African interest in having more ownership and say over their technology supply chains."

Supply-chain security has become a major issue worldwide following malicious events, such as the WannaCry and NotPetya worms and the compromise of SolarWinds, as well as IT supply-chain failures, like this summer's CrowdStrike outage. The US government has voiced concerns over the extent to which US maritime ports are reliant on Chinese equipment and investment, and China has begun creating its own operating system and software ecosystem.

Similarly, African nations have become wary of information technology supplied by any number of foreign countries, including China, Russia, the US, and Europe. While African nations need the technology and investment, they are pursuing initiatives to reduce their reliance, says Mark Walker, vice president of data and analytics for the Middle East, Turkey, and Africa for IDC South Africa.

"The reality is that we live in a multidimensional, globally interconnected world, \[where\] development is reliant on significant capital investment and R&D to develop technology — often this is in limited supply across Africa," he says. "That said, many African nations are focusing on developing local software and technology skills in their populations to offset reliance on global players and also ensure that solutions are relevant to local market condition and needs. Education plays a significant role in this."

**China, US Dominate Africa's Tech Market**

Those efforts are still nascent, with the reality that the top technology suppliers in Africa come from China and the US. In mobile applications, for example, 36 of 2023's top-100 applications are from Chinese companies, while 23 are from US companies, according to a report from DataSparkle, a provider of data and analytics for emerging markets. Africa-based developers only account for only seven applications, mostly focused on digital cash and payment applications.

The US dominates the operating-system supply chain with Microsoft's Windows, Google's Android, and Apple's iOS dominating the field.

"If you're not China and you're not the United States, you just have a lot of dependencies in your technology supply chain, and there's no way around it — even to some extent, if you are China and the United States," ACSS's Allen says.

Yet, the 54 nations on the content have options. While foreign firms provide much of the technology, the African market continues to grow and the domestic technology sector continues to have the most insight into nation-by-nation needs.

"\[A\] detailed view of Africa’s technology sector reveals that it is not under the control of any one actor, and there are plenty of opportunities for Africans to assert agency," the ACSS report stated. "By further fostering diversity and competition within the tech sector, African governments can help mitigate the vulnerabilities that come from external actor influence."

**Future of Technology Supply Chains in Africa**

Companies entering the market should find ways to address the cybersecurity concerns of African customers, because if they don't, someone else will, says IDC South Africa's Walker.

"Competition is strong, and vendors are judged on their ability to supply relevant technologies and services at a fair price with solid \[local\] support structures," he says, adding that companies should understand "the local market dynamics, including economic and political realities and the local regulatory environments. Security issues faced in the Horn of Africa around Somalia are different to those faced in northern Nigeria and the Magreb, which again, differ significantly from southeast Africa."

Among incidents in Africa, Chinese hackers targeted Kenyan officials following the nation's trouble paying back loans from China, according to news reports published in 2023, while another incident involved a state-sponsored group targeting foreign-affairs ministries, embassies, and military forces in Africa in an operation dubbed Diplomatic Specter, according to a threat analysis published in May.

In addition, African officials have warned that an important technology supply chain for the continent — open-source software (OSS) — needs to be better secured to prevent malicious attacks.

"I don't think that Africans are naive, or any government around the world is naive — I think they know that, if you are being sold a technology product that is not domestically produced, then there's always going to be some kind of security risk there," says ACSS's Allen. "I think the question is, how can you mitigate that security risk?"

Companies working in the markets need to have an answer to that question, he says.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

When trying to download QuickBooks via a Google search, users may visit the wrong site and get an installer containing malware.

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.

We’ve seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent.

The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.

We ran into an active malvertising campaign recently, indicating that this scheme is still very much alive and well. In this blog post, we review how QuickBooks users that downloaded the program from a malicious ad will be plagued with a popup generated at certain intervals, instilling fear that their data may be corrupt so that they call for assistance.

**Fake QuickBooks download**

When searching for ‘_quickbooks download_‘ on Google, we see a sponsored result appear at the top. This ad promotes a website where users can supposedly download the latest version of QuickBooks.

Here is the website, showing the official logo and even a “Solution Provider” seal of approval:

One thing that may alert users is that the download is hosted on Dropbox:

https://www.dropbox.com/scl/fi/ybket868cp7nx5dhj11cu/**QuickBooks\_Installer.msi**?rlkey=gp1t0siqr2j089vhgysn4nm33&st=4ajnlxze&dl=1

**The form (zeform)**

This installer serves two purposes: one is to download the real QuickBooks program from Intuit’s website, and the other is to surreptitiously install a sort of backdoor “_zeform.exe_“. This simple binary was designed to integrate with QuickBooks in such a way that it can generate a fake error message, as seen below:

This type of error may be alarming to people who have spent hours loading data into QuickBooks and aren’t aware that this popup, although appearing to come from QuickBooks itself, is in fact totally made up.

The application that creates it is a program written in Microsoft .NET, which contains two important methods that control when and how the popup appears:

*   _MonitorAndShowForm(),_ which calls _CalculateNextDisplayDate_ and is incremented on week days
*   _CheckTimeWindow()_ to make sure it is a weekday and within a certain time window

The text content (fake instructions) can also be seen here, encoded in Base64 presumably to avoid detection from antivirus software:

**Conclusion**

This clever scheme has been going for some time now and every now and again we see some people reporting it online, seemingly always via Google ads.

Scammers will usually ask their victims to download a program to remotely access their computer so that they can take a look at the issue and fix it. This is always dangerous and you should be extremely cautious if you’ve already let someone access your computer.

In addition to demanding to be paid to fix inexistent problems, scammers may also put malware that will give them continued access or even the ability to steal users’ passwords.

**Acknowledgments**

_We would like to thank Joe Desimone from Elastic Security for taking a look at the malicious executable and Squiblydoo for checking on the Microsoft certificate used to sign the fraudulent popup executable._

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**Indicators of Compromise**

bizzgrowthinc\[.\]com

QuickBooks\_Installer.msi  
9e0b46194dc1c034422700b02c6aca01290d144735e48c4a83eea34773be5f52

zeform.exe  
0c3f5f7bed8efbb6b1de3e804d22397a8bdf442b83962444970855fc9606c9f5

 QuickBooks popup scam still being delivered via Google ads 

Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.

Instead of solely leaning on leaky buckets and cloud service provider (CSP) vulnerabilities to exfiltrate sensitive data, a fresh crop of cloud-targeting ransomware is aimed instead at exploiting unprotected Web applications to drop encryptors and lock up victims' data.

The pivot to focusing on PHP applications demonstrates the success that CSPs have had in shoring up their environments with policies like AWS's Key Management Service, according to a new report from SentinelOne on the state of cloud ransomware landscape in 2024. CSPs can now ensure that almost no data is really lost, thanks to policies that require a waiting period and confirmation before data can be deleted. There are some fairly exotic malicious workarounds for some of these protections, but attacks can easily be blocked by implementing service control policies, the report said.

**Cloud Ransomware's New Look at Web Applications**

Cloud ransomware operators have started to mine Web applications for opportunities in increasing volumes, according to SentinelOne.

"Web applications are often run via cloud services," SentinelOne's report explained. "Their more minimal nature makes cloud environments a natural hosting point where the applications are easier to manage and require less configuration and upkeep than running on a full operating system. However, Web applications themselves are vulnerable to extortion attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

Analysis uncovered new ransomware scripts specifically developed to attack PHP applications — such as a Python script named "Pandora," and another attributed to Indonesian-based threat actor IndoSec group.

"The Pandora script uses AES encryption to target several types of systems, including PHP servers, Android, and Linux," the report added. "The PHP ransom functions encrypt files using AES via the OpenSSL library. The Pandora Python script runs on the Web server, writing the PHP code output to the path pandora/Ransomware with a file name provided as an argument at runtime and appended with the php extension."

The ransom script targeting PHP applications developed by IndoSec uses a PHP backdoor to manage and delete files, according to the report. It searches through directories, reads, and then encodes the file contents using a Web service's API.

"This is an interesting approach because the encryption is provided through a remote service, rather than using native functionality like many other tools," the report noted.

**Using Legitimate Cloud-Native Functions to Steal Data**

Aside from trying to breach them, adversaries have also figured out how to use these cloud services themselves to exfiltrate stolen data, the report explained. SentinelOne offers the example of September Rhysdia and BianLian cloud ransomware attacks that abandoned their historical exfiltration tools like MEGAsync and rclone, and instead used Azure Storage Explorer to download the data. The following month, the LockBit ransomware group was discovered using Amazon's S3 storage to exfiltrate data from Windows and macOS systems, SentinelOne added.

Related:Google AI Platform Bugs Leak Proprietary Enterprise LLMs

In keeping with the trend, the SentinelOne research identified a new Python script on VirusTotal it named "RansomES." This code is designed to infiltrate a Windows system, look for files with extensions that indicate the file contains data, including .doc, .xls, .jpg, .png, or .txt. Once those files have been identified, the RansomES code allows the ransomware attacker to exfiltrate those files to an S3 storage bucket or an FTP site, and encrypt the local versions.

"RansomES is a simple script, and we do not believe it has been used in the wild," the report noted. "The author included an Internet connectivity check to the WannaCry killswitch domain, which may suggest the script was developed by a researcher or someone with an interest in threat intelligence."

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The key to protecting data against Web application cloud ransomware attacks is to assess the overall cloud environment to protect against misconfigurations and overly permissive storage buckets, the report concluded.

"Additionally, always enforce good identity management practices such as requiring MFA on all admin accounts, and deploy runtime protection against all cloud workloads and resources," according to SentinelOne.

Cloud Ransomware Flexes Fresh Scripts Against Web Apps

Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on…

Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on macOS. Learn how this advanced persistent threat (APT) is evading detection and the steps you can take to protect yourself.   

Cybersecurity researchers at Group-IB report that the North Korean state-backed **APT Lazarus group**, is now deploying a new macOS trojan called “RustyAttr.” This malware, along with a new evasion technique, lets Lazarus carry out its operations while remaining undetected.

Since May 2024, the Lazarus Group has been employing a technique that hides malicious code within the extended attributes (EAs) of files on macOS systems, utilizing the RustyAttr trojan. Extended attributes are hidden data containers attached to files, enabling the storage of additional information beyond standard attributes such as size or creation date.

This method is particularly tricky because these attributes are invisible by default in applications like Finder or Terminal. However, using the .xattr command, attackers can easily access and exploit this hidden data.

In 2020, **Bundlore adware** used a similar technique to hide its payload in resource forks which stored structured data on older macOS systems, researchers noted in the **blog post** shared with Hackread.com.

The possible attack scenario involves a legitimate-looking malicious application, built using the Tauri framework. It displays **fake PDF files** related to job opportunities or cryptocurrency, a theme consistent with Lazarus. 

For your information, the Tauri framework is a web-based tool for creating lightweight desktop applications, enabling developers to use HTML, CSS, JavaScript, and Rust for front and backend, respectively, to execute malicious scripts.

The shell scripts reveal two types of decoys: one fetches a PDF file from a file hosting service, containing questions related to game project development and funding, and the other displays a dialogue stating that the app does not support the specified version, while a web request to the staging server processes in the background. The malicious script is hidden within a custom extended attribute named “test”. 

The application leverages a JavaScript file named “preload.js” to interact with the hidden script. This JavaScript code, using **Tauri’s functionalities**, retrieves the script from the extended attribute and executes it. 

Example of one of the malicious PDF files pushing a fake job advert (Via Group-IB)

“Interestingly, the next behaviour is as follows – if the attribute exists, no user interface will be shown whereas, if the attribute is absent, the fake webpage will be shown,” the researchers revealed.

The malicious components are hidden within the extended attributes, making them invisible to antivirus scanners. The applications were initially signed with a leaked certificate (revoked by Apple now) but remained unnotarized, bypassing another layer of possible detection.

While the researchers haven’t identified any confirmed victims yet, they believe Lazarus might be experimenting with this technique for future attacks. This discovery is important because it’s a completely new tactic, not yet documented in the MITRE ATT&CK framework, a standard reference for attack techniques.

The Lazarus group’s sophistication and continuous expansion of tactics show their efforts to evade detection and compromise systems. To stay safe, verify the source and legitimacy of files before downloading or executing them, and avoid downloading harmless content like PDFs without checking even if it appears legitimate.

Keep **macOS Gatekeeper** on as it prevents the execution of untrusted applications. Lastly, utilize advanced threat intelligence solutions to remain aware of emerging threats and develop effective protection strategies.

1.  **Fake North Korean IT Workers Infiltrate Western Firms**
2.  **North Korean Hackers Team Up with Play Ransomware**
3.  **N Korean hackers stole $1.7 billion from crypto exchanges**
4.  **North Korean Hackers Drop Linux Malware for ATM Cashouts**
5.  **SnatchCrypto attack hits DeFi, Blockchain Firms with backdoor**

Lazarus Group Targets macOS with RustyAttr Trojan in Fake Job PDFs

The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.

Source: Iain Masterton via Alamy Stock Photo

A phishing campaign, active since last September, is targeting users on LinkedIn and other platforms by impersonating job recruiters in the aerospace industry.

ClearSky attributed the campaign to Iranian-linked threat actor TA455, which uses a spear-phishing approach to target and lure individuals. Once connected with its victims, the threat actors encourage them to download a zip file called "SIgnedConnection.zip."

Along with this, the threat actors also provide a PDF guide to their victims to instruct them on how to safely download and open the zip files.

The zip file contains an executable file that loads the malware onto the victim's device through DLL side-loading. A DLL file called "secure32\[.\]dll" is loaded onto their system, allowing the attacker access to run an undetected code.

Once this is done, the malware initiates an infection chain, which ultimately deploys Snail Resin malware, opening a backdoor titled "SlugResin." This malware and backdoor are both attributed to Charming Kitten, another Iranian threat actor, according to researchers at ClearSky.

The group uses several methods to evade detection, including encoding command-and-control (C2) communications on GitHub to make it more difficult for traditional detection tools to recognize that it's a threat, and it mimics tactics associated with Lazarus Group, causing complications in attribution.

Like past campaigns, TA455 is targeting aerospace professionals, so individuals in this field on platforms such as LinkedIn should be wary of messages and connections they receive from unknown sources.

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Iranian Cybercriminals Target Aerospace Workers via LinkedIn

The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.

Source: Krot Studio via Alamy Stock Photo

Google has fixed two flaws in Vertex AI, its platform for custom development and deployment of large language models (LLMs), that could have allowed attackers to exfiltrate proprietary enterprise models from the system. The flaw highlights once again the danger that malicious manipulation of artificial intelligence (AI) technology present for business users.

Researchers at Palo Alto Networks Unit 42 discovered the flaws in Google's Vertex AI platform, a machine learning (ML) platform that allows enterprise users to train and deploy ML models and AI applications. The platform is aimed at allowing for custom development of LLMs for use in an organization's AI-powered applications.

Specifically, the researchers discovered a privilege escalation flaw in the "custom jobs" feature of the platform, and a model exfiltration flaw in the "malicious model" feature, Unit 42 revealed in a blog post published on Nov. 12.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

Related:Cloud Ransomware Flexes Fresh Scripts Against Web Apps

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

The first bug allowed for exploitation of custom job permissions to gain unauthorized access to all data services in the project. The second could have allowed an attacker to deploy a poisoned model in Vertex AI, leading to "the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk," Palo Alto Networks researchers wrote in the post.

Unit 42 shared its findings with Google, and the company has "since implemented fixes to eliminate these specific issues for Vertex AI on the Google Cloud Platform (GCP)," according to the post.

While the imminent threat has been mitigated, the security vulnerabilities once again demonstrate the inherent danger that occurs when LLMs are exposed and/or manipulated with malicious intent, and how quickly the issue can spread, the researchers said.

"This research highlights how a single malicious model deployment could compromise an entire AI environment," the researchers wrote. "An attacker could use even one unverified model deployed on a production system to exfiltrate sensitive data, leading to severe model exfiltration attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

**Poisoning Custom LLM Development**

The key for exploiting the flaws that were discovered lies within a feature of Vertex AI called Vertex AI Pipelines, which allow users to tune their models using custom jobs, also referred to as "custom training jobs." "These custom jobs are essentially code that runs within the pipeline and can modify models in various ways," the researchers explained.

However, while this flexibility is valuable, it also opens the door to potential exploitation, they said. In the case of the vulnerabilities, Unit 42 researchers were able to abuse permissions within what's called a "service agent" identity of a "tenant project" — connected through the project pipeline to the "source project," or fine-tuned AI model created within the platform. A service agent has excessive permissions to many permissions within a Vertex AI project.

From this position, the researchers could either inject commands or create a custom image to create a backdoor that allowed them to gain access to the custom model development environment. They then deployed a poisoned model for testing within Vertex AI that allowed them to gain further access to steal other AI and ML models from the test project.

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

"In summary, by deploying a malicious model, we were able to access resources in the tenant projects that allowed us to view and export all models deployed across the project," the researchers wrote. "This includes both ML and LLM models, along with their fine-tuned adapters."

This method presents "a clear risk for a model-to-model infection scenario," they explained. "For example, your team could unknowingly deploy a malicious model uploaded to a public repository," the researchers wrote. "Once active, it could exfiltrate all ML and fine-tuned LLM models in the project, putting your most sensitive assets at risk."

**Mitigating AI Cybersecurity Risk**

Organizations are just beginning to have access to tools that can allow them to build their own in-house, custom LLM-based AI systems, and thus the potential security risks and solutions to mitigate them are still very much uncharted territory. However, it's become clear that gaining unauthorized access to LLMs created within an organization is one surefire way to expose that organization to compromise.

At this stage, key to securing any custom-built models is to limit the permissions of those in the enterprise that have access to it, the Unit 42 researchers noted. "The permissions required to deploy a model might seem harmless, but in reality, that single permission could grant access to all other models in a vulnerable project," they wrote in the post.

To protect against such risks, organizations also should implement strict controls on model deployments. A fundamental way to do this is to ensure an organization's development or test environments are separate from its live production environment.

"This separation reduces the risk of an attacker accessing potentially insecure models before they are fully vetted," Balassiano and Shaty wrote. "Whether it comes from an internal team or a third-party repository, validating every model before deployment is vital."

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 am ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Google AI Platform Bugs Leak Proprietary Enterprise LLMs

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023.
"The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks

A critical security vulnerability in Palo Alto Networks’ Expedition tool is being actively exploited by hackers. CISA urges…

A critical security vulnerability in Palo Alto Networks’ Expedition tool is being actively exploited by hackers. CISA urges patch – Learn how to protect your network and sensitive data by patching your Expedition software immediately.

If you have recently migrated your network configuration to Palo Alto Networks using their Expedition tool, you need to act quickly as a critical security flaw (CVE-2024-5910) in the tool is actively being exploited by threat actors. This means hackers can takeover administrator account, access sensitive configuration data, and even gain control over your firewalls if you haven’t patched your Expedition software.

For your information, Expedition is a handy tool that helps users seamlessly switch their network configuration from other vendors like Cisco or Checkpoint to their own products. It automates many steps, making the transition smoother for businesses. The tool will be will discontinued from January 2025.

Palo Alto Networks has reportedly been notified by the Cybersecurity and Infrastructure Security Agency (CISA) about the exploitation of a security flaw within its Expedition tool versions prior to 1.2.92. Palo Alto already released a patch for this vulnerability in July, but attackers are already exploiting it.

 “Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA explained in its advisory.

The advisory warns that configuration secrets, credentials, and other data moved into Expedition are at risk due to the critical flaw as the tool can trigger an administrative account takeover for threat actors. This vulnerability is rated as “critical” with a CVSS score of 9.3 (out of 10) entails a missing authentication for Critical Function (CWE-306). This means it’s very easy for attackers to exploit and can have severe consequences.

Exploitation attempts likely rose in October when a security researcher Zach Hanley released a proof-of-concept (PoC) exploit. It demonstrates how to combine CVE-2024-5910 and another vulnerability (CVE-2024-9464) to execute unauthenticated remote code on vulnerable Expedition servers, allowing attackers to reset admin accounts and control firewall configurations.

CISA has added this vulnerability to its “Known Exploited Vulnerabilities” catalog, urging federal agencies to address it before November 28th.

To protect yourself, update your software to the latest version (1.2.92 or later). Once updated, change usernames, passwords, and API keys for both Expedition and firewalls processed through Expedition.  Additionally, sign up for security alerts from Palo Alto Networks or other reputable sources to stay updated on the latest threats and vulnerabilities.

It is worth noting that the advisory comes after Threat intelligence firm Volexity discovered a zero-day exploit in April that affected Palo Alto Networks’ firewall appliances. The vulnerability had a maximum CVSS score of 10 and probably exploited by nation-state hackers, according to researchers.

John Bambenek, President at Bambenek Consulting weighed in on the situation stating, _“_This vulnerability lets attackers reach out and take over these devices without authentication and they are the kind of tool you set up for a tactical reason. Once the work is done, you forget about it. If, for whatever reason, you can’t shut it down, get these devices off the open Internet._“_

1.  Palo Alto Patches 0-Day Exploited by Python Backdoor
2.  CISA and Fortinet Warns of New FortiOS Zero-Day Flaws
3.  Hackers Target Check Point VPNs, Security Fix Released
4.  Private details of Palo Alto Networks employees leaked online
5.  Cisco Fixes High-Severity Code Execution, VPN Hijacking Flaws

Tag

#backdoor