Evil MinIO is a newly reported security threat targeting the MinIO Object Storage system. The exploit exposes an attack vector that could be used to breach corporate networks: an unknown adversary exploits vulnerabilities in MinIO to execute arbitrary code remotely on vulnerable servers.
MinIO is a widely adopted high-performance distributed object storage system employed by numerous organisations for its efficiency and scalability. However, the emergence of this exploit, referred to as “Evil_MinIO,” has raised concerns within the cybersecurity community.
The Evil MinIO campaign begins with social engineering tactics.
The Evil MinIO attack unfolds in several stages. Initially, the threat actors use social engineering to persuade a DevOps engineer to update their MinIO software to a version susceptible to two specific vulnerabilities: CVE-2023-28434 and CVE-2023-28432.
Once the target installs and launches that version, the attackers exploit these vulnerabilities to plant a concealed backdoor. The backdoor gives them unauthorised access and lets them execute code remotely on the victim’s systems.
A particularly alarming aspect of this threat is that the backdoor remains virtually undetectable on the VirusTotal scanning platform, making it exceptionally challenging to identify and mitigate.
The vulnerabilities this exploit targets are rated high severity and affect every MinIO release before 2023-03-20T20-16-18Z. This widespread susceptibility could affect over 50,000 MinIO installations exposed online.
This alarming number shows the potential for attackers to compromise sensitive data stored within these installations and launch remote code execution (RCE) attacks.
Furthermore, these exploits are versatile and practical: they can compromise both Linux and Windows environments using platform-specific downloader scripts, further expanding their reach and threat potential.
While the appeal of open-source platforms like MinIO lies in their flexibility and adaptability, this incident highlights the inherent security risks they pose when downloaded from third-party and unofficial sources. Admins and IT personnel should be cautious and diligent when installing such software to ensure the authenticity of the products.
Organisations are strongly advised to promptly apply available security updates to safeguard their assets and networks from Evil_MinIO exploit attacks. This proactive approach can help mitigate the risk posed by this emerging threat and increase the security of corporate networks utilising the MinIO Object Storage system.
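The two defensive checks the article recommends, confirming that an installed build is not older than the first fixed release and confirming that a downloaded binary matches the vendor's published checksum before it is installed, can be scripted. The following is an added example written for this page, not code from the article or from the MinIO project. It assumes that `minio --version` prints the release tag verbatim in the `RELEASE.YYYY-MM-DDTHH-MM-SSZ` form and that the published checksum file uses `sha256sum`-style `<hex>  <filename>` lines; the binary bytes, checksum file and version lines below are constructed stand-ins, not real MinIO artefacts.

```python
import hashlib
import hmac
import re
from datetime import datetime

# MinIO tags builds as RELEASE.<UTC timestamp>. The article states that every
# build before this one is affected by CVE-2023-28434 and CVE-2023-28432.
FIXED_RELEASE = "RELEASE.2023-03-20T20-16-18Z"

_TAG_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")


def parse_release(text):
    """Extract the build timestamp from a release tag or from a line of
    `minio --version` output (assumed to contain the tag verbatim)."""
    m = _TAG_RE.search(text)
    if m is None:
        raise ValueError(f"no MinIO release tag found in {text!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%S")


def is_vulnerable_release(text):
    """True when the build predates the first fixed release."""
    return parse_release(text) < parse_release(FIXED_RELEASE)


def parse_sha256sum(text, filename):
    """Pull the digest for `filename` out of sha256sum-style text
    ('<hex>  <name>' per line), the assumed format of the published checksum file."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] == filename:
            digest = parts[0].lower()
            if re.fullmatch(r"[0-9a-f]{64}", digest):
                return digest
    raise ValueError(f"no SHA-256 entry for {filename!r}")


def verify_binary(data, expected_hex):
    """Compare the download's SHA-256 with the published digest in constant time."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def triage(version_line, data, sha256sum_text, filename="minio"):
    """Combine both checks into one verdict for an install or upgrade decision."""
    return {
        "vulnerable_version": is_vulnerable_release(version_line),
        "checksum_ok": verify_binary(data, parse_sha256sum(sha256sum_text, filename)),
    }


# --- constructed sample inputs (not real MinIO artefacts) ---
SAMPLE_BINARY = b"constructed stand-in for a downloaded minio binary"
TAMPERED_BINARY = SAMPLE_BINARY + b"\x00"  # differs by one byte, as a modified build would
# Stand-in for the vendor's checksum file, generated here from the sample bytes.
SAMPLE_SHA256SUM = hashlib.sha256(SAMPLE_BINARY).hexdigest() + "  minio\n"
OLD_VERSION_LINE = "minio version RELEASE.2023-03-13T19-46-17Z"  # constructed: predates the fix
NEW_VERSION_LINE = "minio version RELEASE.2023-03-20T20-16-18Z"  # first fixed build


if __name__ == "__main__":
    # Old build, genuine download: patch it.
    print(triage(OLD_VERSION_LINE, SAMPLE_BINARY, SAMPLE_SHA256SUM))
    # Fixed build, but the bytes do not match the published digest: do not install it.
    print(triage(NEW_VERSION_LINE, TAMPERED_BINARY, SAMPLE_SHA256SUM))
```

The version check alone is not enough: a binary obtained from an unofficial source can report a fixed release tag and still carry a backdoor, which is why the checksum comparison against the digest published by the vendor is the check that addresses the social-engineering stage of this campaign.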