Stopping Sobolan Malware with Aqua Runtime Protection

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

A new attack campaign targeting interactive computing environments like Jupyter Notebooks has been discovered. The attack involves downloading a compressed file from a remote server, which, when executed, deploys multiple malicious tools to exploit the server and establish persistence. The campaign poses a significant risk to cloud-native environments by enabling unauthorized access and long-term control over compromised systems. The attack flow includes initial access through an unauthenticated JupyterLab instance, downloading and extracting malicious files, executing scripts to launch additional binaries, and establishing persistence while evading detection. The malware deploys cryptominers and attempts to kill competing processes. Runtime protection solutions can effectively detect, block, and mitigate these threats using real-time threat intelligence, malware scanning, and customizable policies.

OPENCTI LABELS :

evasion, cryptomining, persistence, cloud-native, runtime protection, sobolan, jupyter notebooks


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE : Use the public read-only user credentials on the login page banner.

