AI-Generated Malware Targets AI Infrastructure in Global Attack

Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters worldwide through the ShadowRay vulnerability (CVE-2023-48022). The campaign, dubbed ShadowRay 2.0, represents one of the world’s first cases of AI-generated malware used to attack AI infrastructure. The threat actor, IronErn440, has transformed Ray’s legitimate orchestration functions into a self-propagating, globally distributed botnet capable of cryptomining, lateral movement, data exfiltration, reverse shell access, DDoS attacks, and automated worm-like propagation. Oligo cautions that this isn’t just another cryptojacking campaign but a multi-purpose botnet capable of significant harm.

Latest mentioned: 11-19

Earliest mentioned: 11-18

Sources

theregister.com bleepingcomputer.com cyberscoop.com oligo.security securityonline.info

Also Read

NPM Malware Campaign Uses Adspect Cloaking and Fake CAPTCHAs

The Socket Threat Research Team has uncovered a sophisticated npm malware campaign orchestrated by the threat actor dino_reborn. The campaign uses seven malicious packages to distinguish genuine targets from security researchers before executing payloads. The malware employs traffic cloaking, anti-analysis techniques, and deceptive UI elements, making it difficult for analysts to investigate. The campaign's distinctive feature involves fingerprinting visitor behavior to determine malicious intent, showing security researchers a blank page and potential victims a convincing fake CAPTCHA. The malware targets cryptocurrency platforms, aiming to steal crypto assets. Organizations should monitor for indicators such as /adspect-proxy.php and /adspect-file.php URL patterns.

11-19Read more →