
Aqua Nautilus researchers discovered an attack by a cyber group called “Panamorfi” that runs mineping, a DDoS package for Minecraft, on misconfigured Jupyter notebooks.
The attackers gained initial access to the open source Jupyter notebook environment through a malicious file downloaded via the wget command. This file contained two jar files that were used to perform DDoS attacks on Minecraft servers.
The attack began with access to the Jupyter notebook honeypot, where a command downloaded a zip file with malicious content. The main file, conn.jar, connected to Discord to manage the attack, while mineping.jar performed a TCP flood DDoS attack against the Minecraft servers. The attacker used Discord to report the results of the attacks.
Research revealed that an attacker with the alias ‘yawixooo’ was active on GitHub and had a Minecraft server configuration and an HTML page under development. Aqua Security used its runtime protection solution to detect and block this attack. This made it possible to detect malicious activity and block the execution of malicious code in real time.
This attack highlights the importance of properly configuring data development environments such as Jupyter notebooks and the need to use runtime security solutions to prevent malicious attacks.
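As an added illustration of the runtime detection described above (this is not Aqua's detection logic or code from the original report), the following Python example flags the process chain the article describes: a wget download under a Jupyter process followed by a `java -jar` launch. The event format, PIDs, URLs and the notebook-process heuristic are assumptions constructed for the example.

```python
import os

# Constructed process-exec events (pid, ppid, argv) in time order, as an EDR
# or auditd pipeline might emit them. Not data from the reported incident.
EVENTS = [
    (100, 1, ["jupyter-notebook", "--ip=0.0.0.0"]),
    (140, 100, ["python3", "-m", "ipykernel_launcher", "-f", "kernel-1.json"]),
    (151, 140, ["wget", "https://files.example.invalid/a.zip"]),
    (161, 140, ["java", "-jar", "conn.jar"]),
    (162, 140, ["java", "-jar", "mineping.jar"]),
    (200, 1, ["sshd"]),
    (210, 200, ["wget", "https://mirror.example.invalid/pkg.tar.gz"]),
    (220, 200, ["java", "-jar", "build-tool.jar"]),
]
DOWNLOADERS = {"wget", "curl"}

def is_notebook(argv):
    # Assumption: notebook servers and kernels are recognisable from argv.
    return os.path.basename(argv[0]).startswith("jupyter") or "ipykernel_launcher" in argv

def notebook_root(pid, procs):
    """Walk the parent chain from pid; return the topmost notebook ancestor, or None."""
    root, seen = None, set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, argv = procs[pid]
        if is_notebook(argv):
            root = pid
        pid = ppid
    return root

def detect(events):
    """Return one finding per `java -jar` launch that follows a download under the same notebook server."""
    procs, downloads, findings = {}, {}, []
    for pid, ppid, argv in events:
        procs[pid] = (ppid, argv)
        root = notebook_root(ppid, procs)
        if root is None:
            continue  # not a descendant of a notebook process
        exe = os.path.basename(argv[0])
        if exe in DOWNLOADERS:
            downloads.setdefault(root, []).append(argv[-1])
        elif exe == "java" and "-jar" in argv[:-1] and root in downloads:
            jar = argv[argv.index("-jar") + 1]
            findings.append({"root": root, "downloads": downloads[root], "jar": jar})
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The same wget and java commands run from an SSH session (PIDs 210 and 220 in the sample) are not flagged, because the rule keys on notebook ancestry rather than on the tools themselves.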