Threat Actors Hijack Misconfigured Servers for Live Sports Streaming

Tags

External References

• https://www.aquasec.com/
• https://otx.alienvault.com/

Description

Aqua Nautilus researchers uncovered a new attack vector where threat actors exploit misconfigured JupyterLab and Jupyter Notebook applications to hijack servers for streaming sports events. The attackers gain unauthenticated access, install ffmpeg, and use it to capture live streams, redirecting them to illegal servers. This activity, while seemingly minor, poses significant risks including data manipulation, theft, and potential financial damage. The researchers used Aqua Tracee and TraceeShark tools to analyze the attack, revealing the process of server compromise and stream ripping. The campaign primarily targeted Qatari beIN Sports network broadcasts, with evidence suggesting the attackers may be of Arab-speaking origin. The attack demonstrates the importance of securing data science environments and highlights the growing threat of illegal sports streaming to the entertainment industry.

Date