Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Threat Actors Hijack Misconfigured Servers for Live Sports Streaming

Nov. 20, 2024, 9:29 a.m.

Description

Aqua Nautilus researchers uncovered a new attack vector where threat actors exploit misconfigured JupyterLab and Jupyter Notebook applications to hijack servers for streaming sports events. The attackers gain unauthenticated access, install ffmpeg, and use it to capture live streams, redirecting them to illegal servers. This activity, while seemingly minor, poses significant risks including data manipulation, theft, and potential financial damage. The researchers used Aqua Tracee and TraceeShark tools to analyze the attack, revealing the process of server compromise and stream ripping. The campaign primarily targeted Qatari beIN Sports network broadcasts, with evidence suggesting the attackers may be of Arab-speaking origin. The attack demonstrates the importance of securing data science environments and highlights the growing threat of illegal sports streaming to the entertainment industry.

Date

Published: Nov. 19, 2024, 9:59 p.m.

Created: Nov. 19, 2024, 9:59 p.m.

Modified: Nov. 20, 2024, 9:29 a.m.

Indicators

41.200.191.23

x9pro.xyz

Attack Patterns

T1048

T1059.004

T1496

T1190

Additional Informations

Technology

Media

Qatar

Algeria