MinIO storage system exploited by hackers to target corporate networks

If your MinIO client app was replaced with its evil twin that leaks sensitive data to third parties, would you notice? Some hackers are betting you wouldn’t, as that’s exactly what they have been doing against certain endpoints, researchers from Security Joes recently discovered.

In a detailed writeup, cybersecurity experts from Security Joes said they observed some threat actors chaining together two relatively unknown vulnerabilities: CVE-2023-28432 (CVSS score: 7.5) and CVE-2023-28434 (CVSS score: 8.8).

By chaining these two flaws, the threat actors steal admin credentials and gain access to MinIO, an open-source object storage service in which admins keep things like unstructured data, logs, backups, and more. Because it supports files of up to 50TB in size, among other advantages, it has become a cost-effective choice.

Deceptive update

Once they gain access to the client, they can run a “deceptive update,” as Security Joes describes it. "By replacing the authentic MinIO binary with its 'evil' counterpart, the attacker seals the compromise of the system."

The threat actors, who are yet to be named, are using a replica of an exploit called Evil MinIO, which was published on GitHub in April this year, The Hacker News reports. “That said, there is no evidence to suggest a connection between the exploit's author and the attackers,” the publication adds.

Still, the compromised endpoint can then work as a backdoor, giving the attackers the ability to run commands on the host that runs the application. "Notably, the executed commands inherit the system permissions of the user who initiated the application. In this instance, due to inadequate security practices, the DevOps engineer launching the application held root-level permissions," the researchers explained.
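The two conditions the researchers describe (a swapped MinIO binary, and a process that inherits root from whoever launched it) are both checkable from the host. The following is an added defender's example, not code from the article or from the Security Joes writeup: it hashes the on-disk binary, compares it against a pinned allowlist of digests, and flags a root UID. The allowlist key names and the sample file contents are constructed placeholders; in practice you would pin the digest of the release you actually deployed.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file in chunks so a large binary need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_minio(binary_path, known_good, running_uid):
    """Return a list of findings; an empty list means nothing suspicious.

    known_good maps a release label to the SHA-256 digest you pinned when
    you deployed it. running_uid is the UID the minio process runs under.
    """
    findings = []
    digest = sha256_of_file(binary_path)
    if digest not in known_good.values():
        findings.append(
            f"binary digest {digest[:12]}... not in pinned allowlist "
            "(possible swapped binary)")
    if running_uid == 0:
        findings.append(
            "minio runs as root; a backdoored binary would inherit root")
    return findings


def demo():
    """Constructed scenario: pin a clean build, then simulate the swap."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "minio")
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for the genuine minio binary\n")
        pinned = {"pinned-release-PLACEHOLDER": sha256_of_file(path)}
        # Clean binary, unprivileged service account: no findings expected.
        clean = audit_minio(path, pinned, running_uid=1001)
        # Replace the file contents and run it as root: two findings expected.
        with open(path, "wb") as f:
            f.write(b"constructed stand-in for a replaced minio binary\n")
        tampered = audit_minio(path, pinned, running_uid=0)
        return clean, tampered
```

Running `demo()` returns an empty list for the clean case and two findings for the tampered, root-launched case; scheduling `audit_minio` against the real binary path and the service's UID turns this into a periodic integrity and least-privilege check.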

They added that there are more than 52,000 MinIO instances that are exposed on the public internet, with roughly two-fifths (38%) running an updated, protected version.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
