In September 2023, a new campaign called Shadowray was uncovered, targeting a vulnerability in the popular Ray framework. This exploit allowed malicious actors to access computing power and steal sensitive data from numerous companies across various industries, including education, cryptocurrency, and biopharmaceuticals.
Anyscale Ray is a widely used framework for scaling AI and Python-based applications in distributed computing clusters. Major organizations like Amazon, Spotify, and Netflix utilize this framework to power their operations, making it a prime target for cyber attacks.
The exploitation of this vulnerability escalated following Anyscale’s disclosure of five Ray vulnerabilities in November 2023, with one critical Remote Code Execution (RCE) flaw, CVE-2023-48022, remaining unpatched due to the decision to implement authentication measures.
Despite Anyscale downplaying the significance of this unaddressed vulnerability for operations outside controlled network environments, reports from Oligo reveal that it has been actively exploited since September 2023. Hackers compromised numerous publicly accessible Ray servers, gaining access to sensitive AI models, database information, and cloud environment credentials.
In some instances, attackers utilized compromised servers for cryptocurrency mining or established persistent access through Reverse Shell, enabling them to execute arbitrary code via Python scripts.
Many developers may have overlooked the documentation pertaining to the CVE-2023-48022 vulnerability, leading to its designation as a “shadow vulnerability” that evades detection by static scanners but poses significant risks and potential losses.
To safeguard against Shadowray attacks, Oligo recommends implementing strict security measures for Ray deployments, such as firewall rules, authentication for Ray Dashboard access, and continuous monitoring for suspicious activities.