An unidentified threat actor has been observed exploiting severe security vulnerabilities in the MinIO high-performance object storage system to execute unauthorized code on affected servers.
Security Joes, a company that specializes in cybersecurity and incident response, claimed that the intrusion used a publicly accessible exploit chain to backdoor the MinIO instance.
The exploit chain consists of CVE-2023-28432 and CVE-2023-28434, the first of which was added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) list of Known Exploited Vulnerabilities (KEV) on April 21, 2023.
The malicious changes made to the binary expose an endpoint that serves as a backdoor, receiving and executing commands sent via HTTP requests. The commands run with the system permissions of the user who started the application.