An application security firm, Oligo, has issued a warning about attackers exploiting a significant vulnerability within the Ray AI framework. This vulnerability, identified as CVE-2023-48022 and disclosed in November 2023, has become a gateway for cybercriminals to infiltrate and compromise numerous clusters. The flaw stems from a missing authentication mechanism in the Ray framework’s default configuration, leaving it susceptible to exploitation. In essence, the framework lacks a robust authentication protocol and does not support any form of authorization model, rendering it vulnerable to malicious activities.
Vulnerability in Ray AI Framework Exploited, Hundreds of Clusters Compromised
1. Vulnerability in Ray AI
Framework Exploited,
Hundreds of Clusters
Compromised
(Source-helpnetsecurity)
Vulnerability Exploited in Ray AI Framework
An application security firm, Oligo, has issued a warning about attackers exploiting a
significant vulnerability within the Ray AI framework. This vulnerability, identified as CVE-
2023-48022 and disclosed in November 2023, has become a gateway for cybercriminals to
infiltrate and compromise numerous clusters. The flaw stems from a missing authentication
mechanism in the Ray framework’s default configuration, leaving it susceptible to
exploitation. In essence, the framework lacks a robust authentication protocol and does not
support any form of authorization model, rendering it vulnerable to malicious activities.
Attackers Exploit Vulnerability, Inflicting Widespread Damage
Exploiting this vulnerability, attackers have been able to breach hundreds of Ray clusters,
according to reports from Oligo. By leveraging Ray’s job submission API, attackers can
2. execute arbitrary system commands, granting them unauthorized access to all nodes within
the cluster and facilitating the retrieval of critical credentials. The compromised clusters have
become a treasure trove for cybercriminals, who have pilfered various sensitive information,
including AI production workload data, database credentials, password hashes, SSH keys,
and tokens from prominent platforms like OpenAI, HuggingFace, and Stripe.
Moreover, several compromised clusters operated with elevated privileges, providing access
to sensitive cloud services and potentially compromising customer data. Additionally, these
breaches have exposed Kubernetes API access and Slack tokens, exacerbating the security
risks posed by the exploitation of this vulnerability.
Oligo Unveils Scope of Attack and Detection Challenges
Oligo, which has dubbed the ongoing attack campaign as ShadowRay, has shed light on the
extensive damage caused by the exploitation of this vulnerability. The security firm has
observed a proliferation of crypto miners, including XMRig, NBMiner, and Java-based
Zephyr miners, along with the deployment of reverse shells for persistent access across
compromised clusters. Notably, the first instance of a crypto-miner was detected in February
2024, indicating that the breach might have commenced before the vulnerability’s public
disclosure.
Furthermore, Oligo highlights the sophisticated tactics employed by the attackers to evade
detection, such as leveraging the Interactsh open-source service for connection requests.
Compounded by the disputed nature of the exploited vulnerability, organizations remain
unaware of their susceptibility to such attacks, amplifying the challenges in detecting and
mitigating these threats effectively.
In conclusion, the exploitation of the vulnerability in the Ray AI framework underscores the
critical importance of implementing robust authentication mechanisms and security protocols
in AI infrastructure. As organizations grapple with the evolving threat landscape,
collaborative efforts between developers, security experts, and end-users are imperative to
fortify defenses against such malicious incursions.
