Briefing

The ShadowRay 2.0 campaign is actively exploiting a two-year-old, unpatched critical authentication flaw (CVE-2023-48022) in the Ray open-source AI framework’s API server. This vulnerability grants remote, unauthenticated attackers complete control over exposed compute clusters, immediately compromising the integrity of the underlying infrastructure. The primary consequence is the creation of a self-propagating botnet, which leverages hijacked NVIDIA GPUs to execute the XMRig cryptocurrency miner, transforming enterprise AI infrastructure into a resource-draining, illicit revenue stream, rated with a maximum severity CVSS score of 9.8.

The image showcases a high-tech modular system composed of white and metallic units, connected centrally by intricate mechanisms and multiple conduits. Prominent blue solar arrays are attached, providing an energy source to the structure, set against a blurred background suggesting an expansive, possibly orbital, environment

Context

The prevailing security posture for many Ray deployments involved a significant oversight → the API server lacked mandatory authentication, a known design flaw that has persisted for over two years. This exposure created a vast, unmonitored attack surface where the platform’s orchestration capabilities could be easily abused. The incident leveraged this known class of vulnerability → missing access control → to turn a legitimate AI tool into a mechanism for lateral malware deployment.

A highly detailed, futuristic mechanical assembly is presented, featuring polished silver and vibrant translucent blue elements. The central focus is an intricate ring structure adorned with clusters of small, sparkling blue crystalline components, suggesting a core operational unit

Analysis

The attack begins by exploiting the critical missing authentication bug (CVE-2023-48022) in the Ray API server, which allows for remote, unauthenticated arbitrary code execution on the cluster’s head node. This initial compromise enables the threat actor to deploy the XMRig cryptomining payload. Crucially, the attackers then leverage Ray’s native orchestration features to pivot laterally and distribute the malware to non-internet-facing nodes, establishing a self-replicating worm. The operation is designed to eliminate competing miners and establish persistence via a cron job, illustrating a sophisticated, multi-purpose botnet that is now also weaponized for denial-of-service attacks.

A clear, multifaceted crystal, exhibiting internal fissures and sharp geometric planes, is positioned centrally on a dark surface adorned with glowing blue circuitry. The crystal's transparency allows light to refract, highlighting its complex structure, reminiscent of a perfectly cut gem or a frozen entity

Parameters

  • Vulnerability Severity → 9.8 CVSS score – The maximum severity rating for the exploited authentication bypass flaw.
  • Vulnerability Age → Two years – The duration the critical flaw (CVE-2023-48022) has remained unpatched in the framework.
  • Malware Payload → XMRig – The specific cryptocurrency miner deployed on compromised GPU clusters.

A central, multi-faceted clear crystal protrudes from a complex assembly of interlocking white geometric shapes and dense clusters of small, dark blue crystalline structures. The composition is abstract and futuristic, evoking themes of advanced technology and data

Outlook

Immediate mitigation requires administrators to patch the Ray framework to the latest version or implement strict network-level access controls to block external access to the Ray API. The second-order effect is a heightened scrutiny on all open-source AI/ML frameworks, establishing a new security best practice that dictates immediate, mandatory authentication for all internal cluster communication and API endpoints. This event underscores that compute-intensive, unauthenticated infrastructure will remain a primary target for cryptojacking operations.

This exploitation of a two-year-old, unpatched critical authentication flaw in a major AI framework proves that systemic security debt in core infrastructure is a persistent and highly profitable vector for large-scale cryptojacking operations.

Authentication flaw, open source security, supply chain risk, critical vulnerability, cryptojacking botnet, remote code execution, unpatched systems, AI infrastructure, GPU mining, lateral movement, self-propagating malware, API server exploit, high severity CVSS, system hijacking, compute resource theft Signal Acquired from → thehackernews.com

Micro Crypto News Feeds