Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography


In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.

By: Alfredo Oliveira, David Fiser | July 21, 2022

Previously, we reported on how threat actors are targeting multiple cloud environments such as Huawei Cloud to host cryptocurrency-mining malware by abusing misconfiguration issues and weak or stolen credentials obtained from a previous malware infection.

This time, we have identified a malicious campaign using the object storage service (OSS) of Alibaba Cloud (also known as Aliyun) for malware distribution and illicit cryptocurrency-mining activities. OSS is a service that allows Alibaba Cloud customers to store data like web application images and backup information in the cloud. Unfortunately, this is not the first time that we’ve seen malicious actors targeting Alibaba Cloud: Earlier this year, we detailed how malicious actors disabled features inside Alibaba Cloud for cryptojacking purposes.

How malicious actors abuse unsecure OSS buckets, credentials

To secure an OSS bucket, a user has to set up a proper access policy. If the policy is set incorrectly, a malicious user can upload files to the bucket or download the user's files from it.
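The access-policy check described above, as an added example that is not part of the original post: the function flags a bucket ACL or bucket-policy statement that lets any principal read or write objects. The sample policy, bucket name and account IDs are constructed placeholders, and the `READ`/`WRITE` action lists are an assumed subset of OSS actions chosen for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample in OSS bucket-policy JSON; names and IDs are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Principal": ["*"],
         "Action": ["oss:GetObject", "oss:PutObject"],
         "Resource": ["acs:oss:*:0000000000000000:example-bucket/*"]},
        {"Effect": "Allow", "Principal": ["*"],
         "Action": ["oss:GetObject"],
         "Resource": ["acs:oss:*:0000000000000000:example-bucket/public/*"],
         "Condition": {"IpAddress": {"acs:SourceIp": ["203.0.113.0/24"]}}},
        {"Effect": "Allow", "Principal": ["0000000000000001"],
         "Action": ["oss:*"],
         "Resource": ["acs:oss:*:0000000000000000:example-bucket/*"]},
    ],
})

# Assumed subset of actions to watch for; extend for your environment.
READ = ("oss:GetObject", "oss:ListObjects")
WRITE = ("oss:PutObject", "oss:DeleteObject", "oss:PutBucketPolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants(actions, wanted):
    # Policy actions may be wildcards such as "oss:*" or "oss:Put*".
    return any(fnmatchcase(w, a) for a in actions for w in wanted)

def audit_bucket(acl, policy_json):
    """Return (source, finding) pairs for access open to any principal."""
    findings = []
    if acl == "public-read-write":
        findings.append(("acl", "anonymous-write"))
    if acl in ("public-read", "public-read-write"):
        findings.append(("acl", "anonymous-read"))
    for i, st in enumerate(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow" or "*" not in _as_list(st.get("Principal", [])):
            continue
        # A Condition narrows the grant, so report it separately for review.
        scope = "conditional" if st.get("Condition") else "anonymous"
        actions = _as_list(st.get("Action", []))
        if _grants(actions, WRITE):
            findings.append((f"statement[{i}]", f"{scope}-write"))
        if _grants(actions, READ):
            findings.append((f"statement[{i}]", f"{scope}-read"))
    return findings
```

Statements with a specific principal are skipped here; leaked credentials for such a principal are a separate exposure that a policy audit cannot detect.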

Malicious actors can also get hold of a user’s OSS bucket by obtaining
