Qubitstrike

Malware Profile Updated 2 months ago
Qubitstrike is a novel form of malware that has been targeting vulnerable Jupyter Notebook instances, as reported on October 19, 2023. The threat actors suspected to be behind it are believed to be based in Tunisia and have been using Qubitstrike for cryptomining and cloud compromise. The attacks reportedly begin with a manual scan for exposed Jupyter Notebooks, followed by CPU identification to evaluate the system's mining potential. The primary objective of Qubitstrike appears to be resource hijacking for cryptocurrency mining with XMRig.

The Qubitstrike scripts also install the open-source Diamorphine rootkit for Linux, which hides the presence of the running scripts and malware payloads; once Qubitstrike has infiltrated a system, it can therefore operate undetected. The malware's command-and-control (C2) infrastructure uses Discord's bot functionality to issue commands to compromised nodes and to track the campaign's progress. This highlights the sophistication of the malware and its capability to carry out various follow-on attacks after gaining access to vulnerable hosts.

According to new research from Cado Security Labs, the Qubitstrike campaign payloads are hosted on codeberg.org, an alternative Git hosting service, and Discord is used for C2 communications. The findings emphasize the need for robust security measures in scientific computing environments such as Jupyter Notebooks, which have been identified as key targets for Qubitstrike.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Jupyter | 1 | Jupyter, also known as SolarMarker, Yellow Cockatoo, and Jupyter Infostealer, is a malware that has been steadily evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). It is designed to exploit and damage computer sy
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Bot
Malware
Rootkit
AWS
Telegram
Linux
Discord
Associated Malware
ID | Type | Votes | Profile Description
Xmrig | Unspecified | 1 | XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for
Associated Threat Actors
ID | Type | Votes | Profile Description
Diamorphine | Unspecified | 1 | Diamorphine is a threat actor, a human entity or group with malicious intent, that has been identified as using sophisticated techniques to compromise system security. This actor utilizes open-source rootkits available on GitHub, namely Diamorphine and Reptile, to infiltrate supported systems. These
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Qubitstrike malware was read from the document corpus below. This display is limited to 20 results.

Source | Created At | Title
CERT-EU | 9 months ago | North Korean hackers targeting TeamCity vulnerability
CERT-EU | 9 months ago | Attacks exploiting WinRAR zero-day linked to Russian, Chinese hackers
CERT-EU | 6 months ago | FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft
CERT-EU | 9 months ago | Qubitstrike attacks launched against Jupyter Notebooks
CERT-EU | 9 months ago | Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data
CERT-EU | 9 months ago | Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials