DEMO
You are viewing a demo with synthetic data.

Cryptominer on GPU Instances

resolved
Attacker Type: AUTOMATED TOOL
Confidence: 99%
Kill Chain: Impact
Events: 23
CRS Score: 55
Elapsed: 30s

EVENT TIMELINE

high 11:00:00 Anomalous GPU utilization on p4d.24xlarge

info 11:00:03 CIE: Instance terminated in 3 seconds

ATTACK NARRATIVE

A cryptomining payload was detected on a p4d.24xlarge GPU instance within 3 seconds of deployment. The Infrastructure Agent identified the anomalous GPU utilization pattern and syscall profile. The instance was terminated and replaced with a clean AMI. The root cause was traced to an exposed Jupyter notebook with default credentials. The notebook was secured and all similar instances were audited.

Affected Assets

ec2-gpu-ml-prod-01
jupyter-hub-internal

Agent Layers Involved

infra
cloud

PREDICTED NEXT MOVES

01 Spread to additional GPU instances
02 Modify billing alerts to hide cost spike
03 Deploy persistence via cron job

Pre-Blocked Paths

BLOCKED Spread to additional GPU instances
BLOCKED Modify billing alerts to hide cost spike
BLOCKED Deploy persistence via cron job

COUNTER-ACTIONS EXECUTED

11:00:03 Terminated compromised GPU instance (100%)
11:00:30 Replaced with clean AMI (100%)
11:01:00 Secured exposed Jupyter notebook (100%)
11:05:00 Audited all GPU instances (100%)