ShadowRay Attacks Transform Ray Clusters into Crypto Miners
A global campaign known as ShadowRay 2.0 is exploiting exposed Ray clusters to create a self-propagating crypto-mining botnet using an old vulnerability.
Key Points:
ShadowRay 2.0 campaign exploits a critical vulnerability in Ray, tracked as CVE-2023-48022.
Malicious payloads generated by AI are being used to compromise vulnerable Ray infrastructure.
Attacks not only involve crypto-mining but also data theft and DDoS attacks.
Researchers have observed two distinct waves of attacks since November.
With over 230,000 Ray servers online, many are at risk of being hijacked.
The ShadowRay 2.0 campaign represents a significant escalation in the exploitation of Ray clusters, which are designed to run AI applications in a controlled environment. By leveraging a long-standing code execution flaw, attackers convert these powerful computational resources into a botnet for crypto mining. The compromised systems may also be used for other malicious activity, such as stealing sensitive information and conducting DDoS attacks, which increases the potential for widespread harm.
According to research from Oligo, the sophisticated nature of the attack indicates the use of AI to generate malicious code, resulting in a self-sustaining malware ecosystem. This highlights both the growing threat of AI in cybercrime and the need for immediate preventive measures, as the attackers are deploying techniques to ensure their persistence and exclusivity on the compromised clusters. Because many systems remain vulnerable due to the lack of a fix for CVE-2023-48022, users are urged to adopt best practices to secure their infrastructure and avoid being caught in this web of exploitation.
What steps can organizations take to protect their AI infrastructure from similar attacks in the future?