{"id":2357,"date":"2024-11-19T11:00:00","date_gmt":"2024-11-19T14:00:00","guid":{"rendered":"https:\/\/www.blog.lineasdns.com\/hackers-hijack-unsecured-jupyter-notebooks-to-stream-illegal-sports-broadcasts\/"},"modified":"2024-11-19T11:00:00","modified_gmt":"2024-11-19T14:00:00","slug":"hackers-hijack-unsecured-jupyter-notebooks-to-stream-illegal-sports-broadcasts","status":"publish","type":"post","link":"https:\/\/www.blog.lineasdns.com\/en\/hackers-hijack-unsecured-jupyter-notebooks-to-stream-illegal-sports-broadcasts\/","title":{"rendered":"Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts"},"content":{"rendered":"


\n<\/p>\n

\n
<\/a><\/div>\n

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.<\/p>\n

The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report<\/a> shared with The Hacker News.<\/p>\n

The covert piracy campaign within interactive environments widely used for data science applications was discovered by the cloud security firm following an attack against its honeypots.<\/p>\n

“First, the attacker updated the server, then downloaded the tool FFmpeg<\/a>,” said Assaf Morag, director of threat intelligence at cloud security firm Aqua. “This action alone is not a strong enough indicator for security tools to flag malicious activity.”<\/p>\n

\"Cybersecurity\"<\/a><\/center><\/div>\n

“Next, the attacker executed FFmpeg to capture live streams of sports events and redirected them to their server.”<\/p>\n

In a nutshell, the end goal of the campaign is to download FFmpeg from MediaFire and use it to record live sports events feeds from the Qatari beIN Sports network and duplicate the broadcast on their illegal server via ustream[.]tv.<\/p>\n

\"Illegal<\/a><\/div>\n

This not only facilitates the abuse of compromised Jupyter Notebook server and its resources by serving as an intermediary, but also enables threat actors to make a profit through advertising revenue by illicitly broadcasting the live streams.<\/p>\n

It’s not clear who is behind the campaign, although there are indications that they could be of Arab-speaking origin owing to one of the IP addresses used (41.200.191[.]23).<\/p>\n

“However, it’s crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization’s operations,” Morag said.<\/p>\n

“Potential risks include denial-of-service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments, and, in the worst-case scenario, substantial financial and reputational damage.”<\/p>\n

<\/p>\n

Found this article interesting? Follow us on Twitter \uf099<\/i><\/a> and LinkedIn<\/a> to read more exclusive content we post.<\/div>\n<\/div>\n