5 September 2023

Threat actors exploit flaws in MinIO storage system to commandeer servers


Malicious actors are abusing two recently disclosed flaws in the MinIO Object Storage solution to breach object storage deployments and achieve unauthorized code execution on the affected servers.

MinIO is a high-performance, distributed object storage system built for large-scale AI/ML, data lake and database workloads. It is software-defined and runs on any cloud or on-premises infrastructure.

According to a report from cybersecurity and incident response firm Security Joes, the attackers used a publicly available exploit chain to backdoor a MinIO instance. The exploit chain involves two vulnerabilities tracked as CVE-2023-28432 and CVE-2023-28434, the former of which is an information disclosure issue, while the latter is a privilege escalation flaw.

These vulnerabilities impact all MinIO versions that precede RELEASE.2023-03-20T20-16-18Z. Both bugs were disclosed and addressed by the vendor in March of this year.
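Because the affected range is defined by a release timestamp rather than a semantic version number, an inventory check has to parse MinIO's release-tag format. The following is an added example for such a check (not code from MinIO or from the Security Joes report); it assumes version strings in the `RELEASE.YYYY-MM-DDTHH-MM-SSZ` form and treats anything it cannot parse as unknown rather than safe.

```python
"""Flag MinIO release tags that predate the fix for CVE-2023-28432 / CVE-2023-28434.

Added example for inventory triage; not code from MinIO or Security Joes.
Assumes version strings in MinIO's release-tag form, e.g. RELEASE.2023-03-20T20-16-18Z.
"""
import re
from datetime import datetime, timezone
from typing import Dict

# First release that contains the fix for both CVEs (taken from the advisory text).
FIXED_RELEASE = "RELEASE.2023-03-20T20-16-18Z"

# MinIO release tags encode a UTC timestamp; the time part uses hyphens instead
# of colons, so a plain ISO-8601 parser will not accept the tag as-is.
_TAG_RE = re.compile(r"^RELEASE\.(\d{4}-\d{2}-\d{2})T(\d{2})-(\d{2})-(\d{2})Z$")


def parse_release(tag: str) -> datetime:
    """Convert a MinIO release tag into a timezone-aware UTC datetime."""
    m = _TAG_RE.match(tag.strip())
    if not m:
        raise ValueError(f"not a MinIO release tag: {tag!r}")
    date, hh, mm, ss = m.groups()
    return datetime.fromisoformat(f"{date}T{hh}:{mm}:{ss}").replace(tzinfo=timezone.utc)


def is_vulnerable(tag: str) -> bool:
    """True when the release predates the fixed build and therefore needs patching."""
    return parse_release(tag) < parse_release(FIXED_RELEASE)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'vulnerable' | 'patched' | 'unknown' for a host->version inventory.

    Unparseable versions (custom builds, empty strings) are reported as 'unknown'
    so that they are not silently treated as safe.
    """
    result = {}
    for host, tag in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(tag) else "patched"
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and tags are illustrative only.
    sample = {
        "minio-a.internal": "RELEASE.2023-02-17T17-52-43Z",
        "minio-b.internal": "RELEASE.2023-03-20T20-16-18Z",
        "minio-c.internal": "DEVELOPMENT.GOGET",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```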

During the analysis, the Security Joes researchers discovered a previously unreported exploit chain comprising CVE-2023-28432 and CVE-2023-28434. Further investigation revealed that the exploit code is available in the GitHub repository “evil_minio”.

In the observed attack chain, the two flaws were weaponized by the threat actor to obtain admin credentials and replace the MinIO client on the host with a modified version that provides backdoor access to the system.

“While the backdoor used by the threat actor during the intrusion leverages the exploitation of MinIO and does not necessitate an external PHP script for its execution, it's imperative to underscore the range of tools at the disposal of the threat actor,” the researchers said. “These tools can potentially be employed to compromise additional environments that may not necessarily have any direct link to MinIO. This observation accentuates the threat actor's versatility and emphasizes the need for a comprehensive security posture that remains vigilant against various vectors of attack.”

