Threat Intelligence, Cloud Security

Qubitstrike attacks launched against Jupyter Notebooks

Vulnerable Jupyter Notebook instances have been subjected to attacks by a suspected Tunisia-based threat actor leveraging the novel Qubitstrike intrusion set, which facilitates cryptomining and cloud compromise, The Hacker News reports. According to a report from Cado Security Labs, the attacks involved command execution on compromised Jupyter Notebooks to fetch a shell script that would facilitate not only the deployment and persistence of cryptocurrency mining malware but also the execution of the Diamorphine rootkit, along with Google Cloud and Amazon Web Services credential exfiltration and malicious activity obfuscation capabilities. Researchers also found that the data transfer utilities used in the attacks had been renamed to bypass security systems. "Of course, the primary objective of Qubitstrike appears to be resource hijacking for the purpose of mining the XMRig cryptocurrency. Despite this, analysis of the Discord C2 infrastructure shows that, in reality, any conceivable attack could be carried out by the operators after gaining access to these vulnerable hosts," said researchers.
