Emerging Cloud Attack Vector: A Case Study on MinIO Exploitation

September 6, 2023

A newly observed cloud attack vector has surfaced, giving cybercriminals the ability to remotely execute code on, and seize control of, systems running the distributed object storage system MinIO. This open-source service, API-compatible with Amazon S3 cloud storage, is used by businesses to manage unstructured data such as photos, videos, log files, backups, and container images.

Recently, Security Joes researchers detected threat actors chaining two critical MinIO vulnerabilities (CVE-2023-28434 and CVE-2023-28432) to penetrate a corporate network. According to the researchers, 'The specific exploit chain we stumbled into was not observed in the wild before, or at least documented, making this the first instance of evidence showcasing such non-native solutions are being adopted by attackers.' The researchers were surprised to find that MinIO deployments were susceptible to a new set of critical vulnerabilities that were relatively easy to exploit.

In this particular attack, a DevOps engineer was tricked into updating MinIO to a new version that essentially functioned as a backdoor. The update was a weaponized version of MinIO with a built-in command shell function called 'GetOutputDirectly(),' and remote code execution (RCE) exploits for the two disclosed vulnerabilities. This booby-trapped version, known as 'Evil_MinIO,' is available on a GitHub repository.
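The attack above hinged on an operator installing a MinIO build that did not come from the vendor. The practical defence for that step is to verify every downloaded artifact against a checksum manifest obtained through an independent, trusted channel (the vendor's signed release listing, not the same link that delivered the binary) before it is ever executed. The following Python is an added example written for this article, not code from Security Joes or the MinIO project; the manifest format (`sha256sum`-style lines), the file name `minio.RELEASE.PLACEHOLDER`, and the byte strings are constructed placeholders.

```python
import hashlib
import hmac


def parse_sha256sum_manifest(text: str) -> dict[str, str]:
    """Parse 'sha256sum'-style lines ('<hex digest>  <filename>') into {filename: digest}.

    Malformed lines are rejected outright: a manifest we cannot parse with
    certainty must not be used to approve an install.
    """
    digests: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts
        # sha256sum prefixes '*' for binary-mode entries; strip it.
        digests[name.lstrip("*")] = digest.lower()
    return digests


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory artifact (read the real file in chunks)."""
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, name: str, manifest: dict[str, str]) -> bool:
    """Return True only when the artifact's digest matches its manifest entry.

    An artifact that is not listed at all is refused rather than guessed at:
    'we have no record of this build' is the exact signal the trojanized
    update in the article would have produced.
    """
    expected = manifest.get(name)
    if expected is None:
        return False
    actual = sha256_of_bytes(data)
    # Constant-time comparison; cheap insurance even for hex strings.
    return hmac.compare_digest(actual, expected)


# Constructed sample inputs (not real MinIO release data).
GOOD_BINARY = b"stand-in for a vendor-published MinIO release binary\n"
TAMPERED_BINARY = GOOD_BINARY + b"\x00"  # one extra byte: a different build
ARTIFACT_NAME = "minio.RELEASE.PLACEHOLDER"
# The manifest would be fetched from the vendor's trusted release page; here it
# is built from the known-good bytes so the example runs offline.
MANIFEST_TEXT = f"{sha256_of_bytes(GOOD_BINARY)}  {ARTIFACT_NAME}\n"


def demo() -> dict[str, bool]:
    """Run the check against a genuine, a tampered, and an unlisted artifact."""
    manifest = parse_sha256sum_manifest(MANIFEST_TEXT)
    return {
        "good": verify_artifact(GOOD_BINARY, ARTIFACT_NAME, manifest),
        "tampered": verify_artifact(TAMPERED_BINARY, ARTIFACT_NAME, manifest),
        "unlisted": verify_artifact(GOOD_BINARY, "not-in-manifest", manifest),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label:9s} -> {'INSTALL' if ok else 'REFUSE'}")
```

In a deployment pipeline this check belongs in front of whatever performs the upgrade, and it fails closed: a missing manifest entry or a parse error blocks the install rather than falling through. Hashing alone only proves the file matches what the manifest says; the manifest itself must come from a source the attacker could not have swapped alongside the binary.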

Although the attack was halted before reaching the RCE-and-takeover stage, the existence of this malicious software variant should serve as a warning to users to be vigilant against future attacks, particularly those targeting software developers. A successful attack could reveal sensitive corporate data and intellectual property, provide access to internal applications, and enable attackers to delve deeper into an organization's infrastructure.

Security Joes emphasized the critical importance of security throughout the software development lifecycle in their investigation report. 'Failing to explicitly recognize the paramount importance of security across the entirety of the software development lifecycle constitutes a critical oversight,' they stated. They warned that such negligence could expose an organization to substantial risks that, while not immediate, lurk in the shadows waiting for the right opportunity to be exploited.
