ShadowRay 2.0 Turns AI Clusters into Crypto Botnets

A threat actor known as IronErn440 is exploiting a vulnerability (CVE-2023-48022) in the Ray framework to hijack AI compute infrastructure and turn it into a self-propagating cryptomining botnet. This campaign, dubbed ShadowRay 2.0, has seen attackers leverage platforms like GitLab and GitHub for command-and-control, targeting organizations with exposed Ray dashboards and job submission APIs.