Ongoing “Panamorfi” Distributed Denial-of-Service (DDoS) Campaign Targeting Misconfigured Jupyter Notebooks

There are reports of an ongoing DDoS campaign, Panamorfi, targeting misconfigured Jupyter Notebooks. The campaign entails attackers gaining access to exposed Jupyter notebooks and using it to download a malicious zip file containing two malicious Java Archive (JAR) files: conn.jar and mineping.jar. 

 The conn.jar file establishes a connection to the attacker's Discord channel, which the attacker utilises to control the DDoS attack. The mineping.jar file performs the Transmission Control Protocol (TCP) flood DDoS attack. This attack can overwhelm the bandwidth of the target server by sending a high volume of TCP connection requests, leading to service disruption.

 Users and administrators are encouraged to stay vigilant and adopt the following measures to protect their software against these attacks:

• Ensure that Jupyter notebooks are properly secured and configured with the latest security patches

• Limit the execution of code to only what is necessary for the task at hand

• Use security tools and solutions to detect and block malicious behaviour

More information is available here:

https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/