Threat actors are exploiting a critical vulnerability in the Ray AI framework to hijack clusters for crypto-mining and cyber-attacks. In this ongoing campaign, the attackers use AI-generated payloads, self-propagating worms, and stolen credentials to expand their malicious activities. #CVE-2023-48022 #ShadowRay #RayAI #GitHub #CryptoMining #DDoS
Key points
- The vulnerability CVE-2023-48022 allows remote code execution in the Ray AI framework due to a lack of authentication.
- Threat actors are exploiting the flaw to compromise clusters for cryptojacking and botnet creation.
- Attackers use AI-generated code, CI/CD pipelines, and real-time updates to adapt their malware tactics.
- Compromised clusters are used for credential theft, data exfiltration, and launching DDoS attacks.
- Over 230,000 Ray servers worldwide are vulnerable, with many belonging to startups and research institutions.
Read More: https://www.securityweek.com/two-year-old-ray-ai-framework-flaw-exploited-in-ongoing-campaign/