TI Mindmap HUB
Threat Intelligence Report

ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet | Oligo Security

November 19, 2025 | www.oligo.security | 1 CVE(s) referenced

A global, AI-driven hacking campaign dubbed ShadowRay 2.0 is actively exploiting a disputed vulnerability in the Ray AI framework to seize control of exposed clusters, weaponize legitimate orchestration features, and build a self-replicating, multi-purpose botnet that mines cryptocurrency, exfiltrates sensitive data, and launches DDoS attacks, all while evading detection through sophisticated, region-aware, and rapidly evolving techniques.

vendor
CVE-2023-48022
