Cloud bucket hijacking risks across major providers
🔒 Unit 42 researchers describe a bucket hijacking technique that exploits globally unique storage bucket names across major cloud providers. By deleting a target bucket and recreating it under an attacker-controlled account with the same name, data streams (logs, Pub/Sub, replication, transfer jobs, etc.) can be silently rerouted to an adversary. The team validated the attack across Google Cloud, AWS and demonstrated cross-subscription scenarios in Azure, and has shared findings with the affected vendors.
