Self-replicating botnet attacks Ray clusters
theregister.co.uk
Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks.
Oligo Security bug hunters say the ongoing campaign, which they've named ShadowRay 2.0, has been active since at least September 2024. The attacks exploit CVE-2023-48022, a critical – and unpatched – vulnerability in Ray, an open source distributed computing framework for AI workloads that's used by major tech companies, including Amazon, Apple, and OpenAI.
This is the same flaw Oligo previously reported as being under exploitation in late 2023. At the time, the application security firm dubbed the vulnerability ShadowRay.
The security hole, which received a 9.8 CVSS rating, allows remote attackers to execute arbitrary code via an exposed Ray dashboard API. It remains unpatched because Anyscale, the vendor that developed the framework, maintains that ...

