For 15 Months Key Saudi Ministry Exposed Sensitive Data
The Saudi Ministry of Industry and Mineral Resources (MIM) had an environment file exposed, opening up sensitive details for anybody willing to take them. MIM is a government body responsible for industry and mineral resources operations. It was established in 2019 to diversify Saudi Arabia’s economy away from oil and gas.
An environment (env.) file serves as a set of instructions for computer programs, making it a critical component for any system. Leaving these files open to anyone exposes critical data and provides threat actors with various attack options. The first time the env. file was indexed by IoT search engines was in March 2022, meaning that the data was exposed for at least 15 months. The file has since been closed and is no longer accessible to the public.
Meanwhile, the now-closed MIM’s env. file exposed information that attackers could employ for lateral movement within the ministry’s systems, potentially escalating to anything from account takeover to a ransomware attack. Read more about this story on our LinkedIn page
An environment (env.) file serves as a set of instructions for computer programs, making it a critical component for any system. Leaving these files open to anyone exposes critical data and provides threat actors with various attack options. The first time the env. file was indexed by IoT search engines was in March 2022, meaning that the data was exposed for at least 15 months. The file has since been closed and is no longer accessible to the public.
Meanwhile, the now-closed MIM’s env. file exposed information that attackers could employ for lateral movement within the ministry’s systems, potentially escalating to anything from account takeover to a ransomware attack. Read more about this story on our LinkedIn page