Top Highlights
- Threat actors are exploiting a two-year-old vulnerability (CVE-2023-48022) in the Ray AI framework to remotely execute code and compromise clusters, especially those accessible via the internet, primarily for crypto-mining and cybercriminal activities.
- The campaign, ShadowRay 2.0, involves AI-generated attack code, lateral movement within clusters, credential theft, and deployment of malware, using legitimate orchestration features to evade detection and propagate malicious activity.
- Attackers have utilized CI/CD pipelines on platforms like GitLab and GitHub to automate malware updates, exfiltrate data, and launch DDoS attacks, effectively turning compromised Ray clusters into a self-propagating botnet.
- Over 230,000 Ray servers are exposed online, with many compromised, highlighting the critical need for proper network security, cluster isolation, and plans for implementing authentication in the Ray framework to prevent such exploitation.
The Issue
Recently, threat actors exploited a significant security vulnerability in the Ray AI framework—a two-year-old flaw identified as CVE-2023-48022—to launch a widespread campaign dubbed ShadowRay 2.0. Ray, maintained by Anyscale, is an open-source platform used to scale Python-based AI and machine learning applications. Because the framework lacks built-in authentication, many cloud-deployed Ray clusters remained vulnerable to remote, unauthenticated attacks. These hackers, including a group dubbed IronErn440, exploited this weakness to take control of hundreds of clusters, primarily targeting those with NVIDIA GPUs for cryptojacking—using the compromised resources to mine cryptocurrency. Using tools like AI-generated malware and legitimate DevOps processes such as GitLab and GitHub for staging malicious payloads, the attackers evolved their methods rapidly, deploying a multi-purpose botnet capable of conducting DDoS attacks, data theft, and autonomous propagation across the internet.
The attackers’ activities caused extensive damage, including stealing sensitive credentials, gaining root access to databases, and deploying tools to facilitate further compromise and DDoS attacks. Oligo, a cybersecurity research firm, reports that the campaign began in September 2024 and involved sophisticated tactics such as deploying reverse shells, abusing legitimate orchestration features, and using AI to generate malicious code—enabling real-time updates and quick propagation across clusters worldwide. Many of these compromised clusters belonged to startups and research institutions, with some servers holding vast amounts of proprietary data and AI models. The incident highlights the critical need for improved security in AI frameworks, especially when they are exposed to the internet without enforced authentication, as cybercriminals continue to harness AI and DevOps tools to enhance their malicious operations.
Risk Summary
The ’Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign’ serves as a stark reminder that even seemingly outdated or overlooked vulnerabilities in your business’s AI systems can become potent attack points, risking data breaches, operational disruptions, and reputational damage. If such flaws remain unpatched or unnoticed, cybercriminals can leverage these weaknesses to gain unauthorized access, manipulate algorithms, or exfiltrate sensitive information, potentially leading to costly legal consequences and loss of customer trust. Any business reliant on AI-driven processes, regardless of industry size or scope, stands vulnerable to exploitation, underscoring the urgent need for continuous security audits, timely updates, and rigorous oversight to prevent malicious campaigns from exploiting long-standing system flaws.
Possible Action Plan
Addressing the flaw in the Two-Year-Old Ray AI Framework promptly is crucial to prevent exploitation, data breaches, and potential disruption of critical operations. Timely remediation ensures that vulnerabilities are minimized, reducing the risk of malicious actors gaining access or causing damage. Quick action not only protects sensitive information but also reinforces trust and maintains operational integrity within the framework’s ecosystem.
Mitigation Measures
- Immediate patch deployment
- Apply security updates
- Disable vulnerable components
- Conduct vulnerability scans
Remediation Steps
- Alert security teams
- Isolate affected systems
- Review incident logs
- Update threat detection tools
- Conduct thorough vulnerability assessments
- Enhance access controls
- Collaborate with vendors for patch development
- Implement continuous monitoring
Stay Ahead in Cybersecurity
Discover cutting-edge developments in Emerging Tech and industry Insights.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
