
ShadowRay Strikes Back: Inside the Multi-Purpose Ray Cluster Takeover

Red | Attack Report

ShadowRay 2.0: Multi-Purpose Ray Cluster Takeover Attack Campaign Targeting AI Infrastructure

Summary

ShadowRay 2.0 Campaign Overview

The ShadowRay 2.0 campaign is a sophisticated attack operation targeting exposed Ray AI framework clusters worldwide. First observed in September 2024 and resurging in November 2025, this cryptojacking and data theft campaign exploits CVE-2023-48022, an unpatched remote code execution flaw in Anyscale Ray, against more than 200,000 Ray servers exposed to the internet. The threat actor tracked as IronErn440 runs the operation with DevOps-style infrastructure, AI-generated payloads, and Ray’s own orchestration features to build self-propagating cryptojacking botnets.

The ShadowRay 2.0 campaign turns compromised Ray clusters into multi-purpose botnets used for cryptocurrency mining, autonomous spreading to other exposed clusters, theft of sensitive data from AI workloads, and DDoS attacks against targets across the internet. Attackers disguise XMRig miners as system processes while siphoning sensitive data and hijacking GPUs for profit.


Attack Details

Technical Analysis of ShadowRay 2.0 Campaign

The ShadowRay 2.0 campaign exploits CVE-2023-48022, a remote code execution vulnerability in the Ray AI framework: Ray’s Jobs API, served by the dashboard (TCP port 8265 by default), accepts job submissions from anyone who can reach it, so an unauthenticated attacker can run arbitrary code on the cluster. Anyscale has not shipped a patch because the behaviour follows from Ray’s design assumption that clusters run inside a secured, isolated network. With no vendor fix available and hundreds of thousands of Ray servers exposed online, attackers have exploited this flaw since March 2024.

The threat actor IronErn440, to whom this campaign is attributed, used DevOps-style infrastructure: GitLab and GitHub repositories hosted the evolving malware payloads, which were updated in place like any software project. The operation unfolded in two rapid waves. The first emerged in early November 2025 and pulled payloads from GitLab until that account was terminated on November 5; the second, launched on November 10, switched to GitHub repositories and kept pushing updates despite multiple takedowns.

Techniques observed in ShadowRay 2.0 include AI-generated reconnaissance scripts, multi-stage Python payloads, persistence through cron jobs and systemd services, GPU-optimized cryptojacking with the XMRig miner, large-scale scanning for further victims, and DDoS tooling. The payloads were engineered for stealth: they throttle CPU usage to avoid obvious load spikes and disguise malicious processes as legitimate system components. The attackers also fought rival cryptojackers for control of the compromised systems.


Recommendations

Security Mitigation Guidance for Ray Clusters

Lock Down Ray Cluster Ports: Never expose the Ray dashboard and Jobs API (TCP 8265 by default), the GCS port (6379 by default) or the Ray Client port (10001 by default) to the public internet. Place them behind a firewall, VPN, or private network segment so that attackers cannot reach the exploitable endpoints.

Enable Authentication Controls: Ray ships with no authentication on the dashboard and Jobs API. Put them behind an authenticating reverse proxy or identity-aware gateway, enforce strong API keys or tokens at that layer, and integrate with your identity provider wherever possible. Treat Ray infrastructure as a production-critical system requiring robust security.

Restrict Job Submission Permissions: Limit job submission to a small group of trusted users or service accounts, so that Ray’s job feature cannot be abused as a generic remote code execution channel.

Monitor for CPU/GPU Anomalies: Sustained compute usage near 100%, or constant throttled load from a process you do not recognise, often indicates cryptomining. Configure alerts for unexpected CPU/GPU spikes, new long-running processes, new cron entries or systemd units, and unknown Python scripts executing outside working hours, and check outbound DNS and connections for mining pool domains.

Keep Infrastructure Updated: Regularly update Ray, operating systems, and cloud images. CVE-2023-48022 has no direct patch, but newer Ray releases ship improved security guidance and deployment hardening recommendations, and current base images narrow the rest of the attack surface.
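The exposure checks below put the port and authentication recommendations into practice. This is an added example, not Anyscale's or Hive Pro's tooling. It assumes Ray's documented default ports (dashboard and Jobs API on 8265, GCS on 6379, Ray Client on 10001) and the dashboard's /api/version endpoint, which the Ray job submission client itself calls to check the cluster version; the function names and the ss output in SAMPLE_SS are constructed for the demo, not captured from a real host.

```python
"""Exposure checks for Ray clusters (added example, not Anyscale's or Hive Pro's code).

Assumed: Ray's documented default ports (dashboard/Jobs API 8265, GCS 6379,
Ray Client 10001) and the dashboard's /api/version endpoint. SAMPLE_SS is
constructed for the demo, not captured from a real machine.
"""
import json
import shlex
import urllib.request
from urllib.error import URLError

RAY_DEFAULT_PORTS = {8265: "dashboard / Jobs API", 6379: "GCS (head --port)",
                     10001: "Ray Client server"}
WILDCARD_HOSTS = {"0.0.0.0", "*", "::", "[::]"}


def _flag(args, name):
    """Value of `--name val` or `--name=val` in a token list, else None."""
    for i, tok in enumerate(args):
        if tok == name and i + 1 < len(args):
            return args[i + 1]
        if tok.startswith(name + "="):
            return tok.split("=", 1)[1]
    return None


def audit_ray_start(cmdline):
    """Findings for one `ray start` command line (from ps, a systemd unit or a
    launch script). Ray binds the dashboard to localhost unless told otherwise,
    so the footgun is an explicit --dashboard-host 0.0.0.0 (or ::)."""
    args = shlex.split(cmdline)
    if "ray" not in args or "start" not in args:
        return []
    if (_flag(args, "--include-dashboard") or "true").lower() in ("false", "0", "no"):
        return []  # no dashboard means no Jobs API: the CVE-2023-48022 surface is absent
    host = _flag(args, "--dashboard-host")
    port = _flag(args, "--dashboard-port") or "8265"
    if host in WILDCARD_HOSTS:
        return [f"dashboard/Jobs API bound to all interfaces (--dashboard-host {host}) on port {port}"]
    return []


def audit_listeners(ss_output):
    """Parse `ss -ltn` output and return (port, role, local_address) for Ray
    default ports that listen on a wildcard address."""
    hits = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, _, port = cols[3].rpartition(":")
        if port.isdigit() and int(port) in RAY_DEFAULT_PORTS and host in WILDCARD_HOSTS:
            hits.append((int(port), RAY_DEFAULT_PORTS[int(port)], cols[3]))
    return hits


def probe_dashboard(host, port=8265, timeout=3.0):
    """Return the Ray version the dashboard reports, or None if it does not
    answer. A version string back with no credentials means anyone on this
    network path can reach the Jobs API. Only run against hosts you own."""
    try:
        with urllib.request.urlopen(f"http://{host}:{port}/api/version", timeout=timeout) as resp:
            data = json.loads(resp.read().decode())
    except (URLError, OSError, ValueError):
        return None
    return data.get("ray_version") or data.get("version")


# Constructed sample of `ss -ltn` output, not captured from a real machine.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:8265        0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      4096   *:10001             *:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""

if __name__ == "__main__":
    print(audit_ray_start("ray start --head --dashboard-host 0.0.0.0 --port 6379"))
    for port, role, addr in audit_listeners(SAMPLE_SS):
        print(f"{role} listening on {addr}: restrict port {port} to the cluster network")
    print(probe_dashboard("127.0.0.1"))  # None unless a local Ray head is running
```

Run audit_ray_start over the launch scripts and unit files that start your head nodes, audit_listeners over `ss -ltn` from each node, and probe_dashboard from a host outside the cluster network: if the probe returns a version from outside, the dashboard is reachable without credentials and needs the firewall or proxy controls above.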


Indicators of Compromise (IoCs)

Network Indicators

IPv4 Addresses:

  • 18[.]228[.]3[.]224
  • 45[.]95[.]168[.]100
  • 185[.]215[.]180[.]70
  • 104[.]194[.]151[.]181
  • 121[.]160[.]102[.]68
  • 54[.]154[.]170[.]233
  • 158[.]160[.]123[.]117
  • 193[.]29[.]224[.]83
  • 162[.]248[.]53[.]119
  • 103[.]127[.]134[.]124
  • 18[.]230[.]118[.]147
  • 67[.]217[.]57[.]240
  • 45[.]61[.]150[.]83

Domains:

  • *.oast.fun
  • pool.supportxmr.com
  • gulf.moneroocean.stream
  • eu.zano.k1pool.com

Subdomain:

  • bwqqvqfgsseplyoltois92rdukv0mm5th.oast.fun

File Indicators

SHA256:

  • 6f445252494a0908ab51d526e09134cebc33a199384771acd58c4a87f1ffc063
  • 1f6c69403678646a60925dcffe8509d22bb570c611324b93bec9aea72024ef6b

MD5: 1f63fa7921c2f5fb8f8ffa430d02ac4a

SHA1: 779a8af3b9838a33d1e199da3fc2f02a49e7c13e

Malicious Filenames:

  • dns-filter, .python3.6, rigel, python3.7.3, netsh, sockstress
  • mon.sh, aa.sh, aa_clean.sh, run.sh, run-CN.sh, .ddns.sh, xd.sh, cloud.txt

File Paths:

  • /usr/lib/dev/systemdev/dns-filter
  • /tmp/dns
  • /var/tmp/.ddns.sh
  • /etc/init.d/dns-filter
  • ~/.bashrc

Attribution Indicators

GitLab Repository: gitlab.com/ironern440-group/ironern440-project

GitLab Users: ironern440-group, least3654, thisisforwork440-ops

Monero Wallet: 45MinZ6ECgTgxn8gbm5gAsK9ATrEN6N95hbH3g4r5N4bKwH8QxuFygw3G7VwHwAusR9L35E4YjWYdTJaWDjbMGDCKYNz5X1

ZANO Wallet: KrQtbtsrPTqSTzQwZZisiyJxgtcDMwrdVrQ
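A host-side sweep that turns the file indicators above, together with the persistence and masquerading techniques described under Attack Details (cron, systemd, init.d and ~/.bashrc hooks, miners named after system or Python processes), into a runnable check. This is an added example, not Oligo's or Hive Pro's tooling. The indicator values are copied from this advisory; the function names, the filesystem-root parameter and the sample tree built by build_sample_tree() (with invented file contents) are assumptions for the demo.

```python
"""Sweep a filesystem root for ShadowRay 2.0 file, persistence and process
indicators (added example; not Oligo's or Hive Pro's code).

Pass "/" on a live node, or the directory returned by build_sample_tree()
for a dry run. Indicator values come from the advisory; the sample tree
contents are invented.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# --- indicators copied from the IoC section ---------------------------------
IOC_SHA256 = {
    "6f445252494a0908ab51d526e09134cebc33a199384771acd58c4a87f1ffc063",
    "1f6c69403678646a60925dcffe8509d22bb570c611324b93bec9aea72024ef6b",
}
IOC_PATHS = ["usr/lib/dev/systemdev/dns-filter", "tmp/dns",
             "var/tmp/.ddns.sh", "etc/init.d/dns-filter"]
IOC_FILENAMES = {"dns-filter", ".python3.6", "rigel", "python3.7.3", "netsh",
                 "sockstress", "mon.sh", "aa.sh", "aa_clean.sh", "run.sh",
                 "run-CN.sh", ".ddns.sh", "xd.sh", "cloud.txt"}
IOC_DOMAINS = {"pool.supportxmr.com", "gulf.moneroocean.stream",
               "eu.zano.k1pool.com", ".oast.fun"}

# Persistence locations named in the advisory, relative to the root.
PERSISTENCE_GLOBS = ["etc/crontab", "etc/cron.d/*", "var/spool/cron/*",
                     "var/spool/cron/crontabs/*", "etc/systemd/system/*.service",
                     "etc/init.d/*", "root/.bashrc", "home/*/.bashrc"]

# Longest alternatives first so "aa_clean.sh" is reported rather than a shorter needle.
_NEEDLE = re.compile("|".join(re.escape(s) for s in
                              sorted(IOC_FILENAMES | IOC_DOMAINS, key=len, reverse=True)))


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root="/"):
    """Return (category, location, detail) findings under root."""
    root = Path(root)
    findings = []
    # 1. Known-bad paths. Presence alone is a strong signal; a hash match confirms it.
    for rel in IOC_PATHS:
        p = root / rel
        if p.is_file():
            digest = sha256_of(p)
            detail = "sha256 match" if digest in IOC_SHA256 else "sha256=" + digest
            findings.append(("ioc_path", str(p), detail))
        elif p.exists():
            findings.append(("ioc_path", str(p), "present (not a regular file)"))
    # 2. Persistence: cron entries, systemd units, init scripts and shell rc
    #    files that reference the malicious filenames or the mining pools.
    for pattern in PERSISTENCE_GLOBS:
        for p in sorted(root.glob(pattern)):
            if not p.is_file():
                continue
            try:
                lines = p.read_text(errors="replace").splitlines()
            except OSError:
                continue
            for n, line in enumerate(lines, 1):
                m = _NEEDLE.search(line)
                if m:
                    findings.append(("persistence", f"{p}:{n}", m.group(0)))
    return findings


def suspicious_processes(proc_root="/proc"):
    """Return (pid, comm) for running processes whose name is one of the
    malicious filenames (the campaign masquerades XMRig as system/python processes)."""
    hits = []
    for entry in sorted(Path(proc_root).glob("[0-9]*")):
        try:
            comm = (entry / "comm").read_text().strip()
        except OSError:
            continue
        if comm in IOC_FILENAMES:
            hits.append((int(entry.name), comm))
    return hits


def build_sample_tree():
    """Constructed fixture: a fake root with one dropped script, two persistence
    hooks, one clean unit file and a fake /proc. All contents are invented."""
    root = Path(tempfile.mkdtemp(prefix="shadowray-demo-"))
    files = {
        "var/tmp/.ddns.sh": "#!/bin/sh\nnohup /tmp/dns -o gulf.moneroocean.stream:443 &\n",
        "etc/cron.d/dnsfilter": "*/5 * * * * root /usr/lib/dev/systemdev/dns-filter\n",
        "root/.bashrc": "export PATH=/usr/local/bin:$PATH\nbash /var/tmp/.ddns.sh >/dev/null 2>&1\n",
        "etc/systemd/system/ssh.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
        "proc/4242/comm": ".python3.6\n",
        "proc/1/comm": "systemd\n",
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return str(root)


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for finding in sweep(demo_root):
        print(*finding)
    print(suspicious_processes(os.path.join(demo_root, "proc")))
```

On a real node run sweep("/") and suspicious_processes() as root; a hash mismatch on a known-bad path is still a finding, since the operators pushed updated payloads repeatedly during the campaign, so only the path, the persistence hooks and the pool domains stay stable across waves.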


MITRE ATT&CK TTPs

Tactics and Techniques

Tactics:

  • TA0042: Resource Development
  • TA0001: Initial Access
  • TA0002: Execution
  • TA0003: Persistence
  • TA0005: Defense Evasion
  • TA0007: Discovery
  • TA0010: Exfiltration
  • TA0011: Command and Control
  • TA0040: Impact

Techniques:

  • T1190: Exploit Public-Facing Application
  • T1588: Obtain Capabilities
  • T1588.005: Exploits
  • T1588.006: Vulnerabilities
  • T1059: Command and Scripting Interpreter
  • T1059.006: Python
  • T1106: Native API
  • T1053: Scheduled Task/Job
  • T1053.003: Cron
  • T1543: Create or Modify System Process
  • T1543.002: Systemd Service
  • T1087: Account Discovery
  • T1082: System Information Discovery
  • T1041: Exfiltration Over C2 Channel
  • T1071: Application Layer Protocol
  • T1071.001: Web Protocols
  • T1105: Ingress Tool Transfer
  • T1036: Masquerading
  • T1027: Obfuscated Files or Information
  • T1562: Impair Defenses
  • T1562.004: Disable or Modify System Firewall
  • T1498: Network Denial of Service
  • T1496: Resource Hijacking

References

Source Documentation
  • Oligo Security Blog: ShadowRay 2.0 – Attackers Turn AI Against Itself in Global Campaign
  • CVE-2023-48022: Anyscale Ray Remote Code Execution Vulnerability
  • Note: Formal patch not yet released for CVE-2023-48022
