Evil MinIO Exploits: A New Attack Vector to Breach Corporate Networks | Cyware Hacker News
Researchers from Security Joes have identified a previously unknown threat actor exploiting vulnerabilities in the MinIO object storage system to execute arbitrary code remotely on vulnerable servers. The exploit code, published on GitHub under the name Evil_MinIO, chains two flaws: CVE-2023-28432, an information-disclosure bug in distributed deployments that returns environment variables, including the root credentials, to an unauthenticated request, and CVE-2023-28434, a privilege-escalation bug.
MinIO is a high-performance and distributed object storage system used by various organizations.
Attack method
- The attackers first use social engineering to convince a DevOps engineer to update the MinIO software to a release that is affected by both vulnerabilities.
- Once the vulnerable build is running, the attackers exploit the two flaws to install a backdoor that gives them remote code execution on the victim's system.
Researchers note that, at the time of the report, the backdoored binary was not flagged by any engine on the VirusTotal scanning platform.
Impact
- The two flaws are high-severity issues affecting every MinIO release before RELEASE.2023-03-20T20-16-18Z, the release that fixes both.
- Researchers found more than 50,000 MinIO installations exposed to the internet. Any of these still running a pre-fix release is reachable for credential theft and, from there, remote code execution on the host.
- The exploit kit ships downloader scripts for both Linux and Windows targets.
Conclusion
Open-source platforms such as MinIO appeal to a broad range of organizations because of their flexibility, but that openness becomes a risk when builds are obtained from unofficial sources. Administrators should verify the authenticity of any MinIO build before installing it (the official release channel publishes checksums and signatures for each release), treat unsolicited requests to "update" to a specific version as suspicious, since that is how this campaign began, and apply the available security update to protect their assets from Evil MinIO attacks.
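As an added, runnable example (not code from the article, from Security Joes or from the MinIO project), the following Python script performs the two checks the Impact and Conclusion sections call for: it decides whether a build is affected by comparing its release tag against RELEASE.2023-03-20T20-16-18Z, and it verifies a downloaded binary against a `.sha256sum` digest file of the kind published alongside the official MinIO binaries. The version strings, commit ids, binary contents and digest file are constructed for the demonstration, and the function names are the example's own.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

# Release that fixes CVE-2023-28432 and CVE-2023-28434 (from the MinIO advisories).
FIXED_RELEASE = "RELEASE.2023-03-20T20-16-18Z"

# MinIO release tags are UTC timestamps of the form RELEASE.YYYY-MM-DDTHH-MM-SSZ.
_RELEASE_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")


def parse_release(text):
    """Return the first RELEASE.<timestamp>Z tag in `text` as an aware UTC datetime.

    Accepts the bare tag or a full line such as the output of `minio --version`.
    Raises ValueError when no tag is present, so an unknown or malformed
    version string is never silently treated as patched.
    """
    match = _RELEASE_RE.search(text)
    if match is None:
        raise ValueError("no MinIO release tag found in %r" % text)
    stamp = datetime.strptime(match.group(1), "%Y-%m-%dT%H-%M-%S")
    return stamp.replace(tzinfo=timezone.utc)


def is_vulnerable(version_text, fixed_release=FIXED_RELEASE):
    """True when the release named in `version_text` predates the fixed release."""
    return parse_release(version_text) < parse_release(fixed_release)


def verify_sha256(binary, digest_file_text, filename="minio"):
    """Check `binary` against the `<hex>  <name>` line for `filename` in a
    .sha256sum file (the format `sha256sum` emits).

    Returns False when the digest differs or when no line names `filename`.
    """
    actual = hashlib.sha256(binary).hexdigest()
    for line in digest_file_text.splitlines():
        parts = line.split()
        # sha256sum prefixes the file name with '*' for binary-mode entries.
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return hmac.compare_digest(actual, parts[0].lower())
    return False


# Constructed samples (not real program output, not a real binary): the commit
# ids, the file contents and the digest file are made up for this demonstration.
SAMPLE_OLD = "minio version RELEASE.2023-03-13T19-46-17Z (commit-id=0123456789abcdef)"
SAMPLE_NEW = "minio version RELEASE.2023-09-04T19-57-37Z (commit-id=fedcba9876543210)"
SAMPLE_BINARY = b"\x7fELF-not-a-real-minio-binary"
SAMPLE_DIGEST_FILE = hashlib.sha256(SAMPLE_BINARY).hexdigest() + "  minio\n"


if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        state = "VULNERABLE" if is_vulnerable(sample) else "patched"
        print("%s -> %s" % (sample.split()[2], state))
    print("digest matches:", verify_sha256(SAMPLE_BINARY, SAMPLE_DIGEST_FILE))
    print("tampered binary matches:", verify_sha256(SAMPLE_BINARY + b"\x00", SAMPLE_DIGEST_FILE))
```

Because MinIO release tags are UTC timestamps, comparing them as dates is exact; parsing them rather than comparing strings means a version line with no tag raises instead of being misread as "newer than the fix". The digest check covers the "verify the source" advice for the binary you actually downloaded; a matching digest from the same untrusted mirror proves nothing, so take the `.sha256sum` (or the release signature) from the official release channel.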