ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet

Nov. 19, 2025, 8:54 a.m.

Description

A global hacking campaign dubbed ShadowRay 2.0 has been discovered, exploiting a vulnerability in the Ray AI framework to seize control of computing clusters and create a self-replicating botnet. The attackers use GitLab and GitHub for payload delivery, leveraging AI-generated code to adapt their methods. The campaign has evolved from simple cryptojacking to a sophisticated multi-purpose botnet capable of DDoS attacks and data exfiltration. The operation targets exposed Ray clusters worldwide, utilizing DevOps-style infrastructure for real-time malware updates. This campaign highlights the growing attack surface in AI workloads and the risks associated with disputed vulnerabilities.

External References

https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet
https://otx.alienvault.com/pulse/691d46b4135d2acc04876592
Tags
xmrig
ddos
botnet
cryptojacking
data exfiltration
self-propagation
devops
2025-11-19
CVE-2023-48022
ai infrastructure
sockstress
ray framework

Date

  • Created: Nov. 19, 2025, 4:25 a.m.
  • Published: Nov. 19, 2025, 4:25 a.m.
  • Modified: Nov. 19, 2025, 8:54 a.m.

Attack Patterns

  • sockstress
  • XMRig
  • IronErn440