How I Simulated a Supply Chain Attack on Thousands of Servers — and Made $25K
A security researcher discovered an abandoned Google Cloud Storage bucket previously used to distribute Helm binaries, with thousands of CI pipelines and Dockerfiles still referencing it. By enabling access logging, they confirmed live traffic from production servers, then crafted fake Helm binaries with a harmless payload to collect system metadata and demonstrate real-world impact. The experiment revealed over 1,000 requests per day from thousands of unique machines across multiple organizations. Reports to bug bounty programs yielded ~$25,000 in total, including a $15,000 payout from Apple. Google ultimately took over the bucket to neutralize the supply chain risk.
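The risk described above comes from build files that still pull binaries from a storage location nobody controls any more. One defensive check is to inventory every Google Cloud Storage download URL across a repository's Dockerfiles, CI workflows and Makefiles and flag those that are not followed by a checksum verification. The following scanner is an added example, not code from the original write-up; the build files and the bucket name `example-helm-bucket` are constructed placeholders, and the heuristic for "checksum verified" (a `sha256sum -c`, `shasum -a 256 -c` or `cosign verify` anywhere in the same file) is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample build files (not from the original article).
# "example-helm-bucket" is a placeholder bucket name, not the real one.
SAMPLE_FILES = {
    "Dockerfile": """FROM ubuntu:22.04
RUN curl -sSL https://storage.googleapis.com/example-helm-bucket/helm-v3.9.0-linux-amd64.tar.gz | tar xz \\
    && mv linux-amd64/helm /usr/local/bin/helm
""",
    ".github/workflows/ci.yml": """steps:
  - run: |
      curl -fsSLo helm.tgz https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz
      echo "<expected-sha256>  helm.tgz" | sha256sum -c -
      tar xzf helm.tgz
""",
    "Makefile": """install:
\twget -O helm.tgz https://example-helm-bucket.storage.googleapis.com/helm-v3.9.0-linux-amd64.tar.gz
\techo "<expected-sha256>  helm.tgz" | sha256sum -c -
""",
}


@dataclass
class Finding:
    path: str              # build file the URL was found in
    line: int              # 1-based line number
    bucket: str            # GCS bucket the file downloads from
    url: str               # full URL as written in the file
    checksum_checked: bool # heuristic: does the same file verify a digest?


# Both GCS URL styles: storage.googleapis.com/<bucket>/... and <bucket>.storage.googleapis.com/...
GCS_URL = re.compile(
    r"https?://(?:storage\.googleapis\.com/(?P<path_bucket>[^/\s'\"]+)"
    r"|(?P<host_bucket>[^/\s.'\"]+)\.storage\.googleapis\.com)[^\s'\"|]*"
)

# Assumed heuristic for "the download is verified against a pinned digest".
CHECKSUM_CHECK = re.compile(
    r"sha256sum\s+(?:-c|--check)|shasum\s+-a\s*256\s+(?:-c|--check)|cosign\s+verify",
    re.IGNORECASE,
)


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per GCS download URL in a single build file."""
    verified = bool(CHECKSUM_CHECK.search(text))
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in GCS_URL.finditer(line):
            bucket = m.group("path_bucket") or m.group("host_bucket")
            findings.append(Finding(path, lineno, bucket, m.group(0), verified))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file contents (e.g. read from a repo)."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def bucket_inventory(findings: list[Finding]) -> dict[str, set[str]]:
    """Group findings by bucket so ownership of each bucket can be confirmed."""
    inv: dict[str, set[str]] = {}
    for f in findings:
        inv.setdefault(f.bucket, set()).add(f.path)
    return inv


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        status = "verified" if f.checksum_checked else "UNVERIFIED"
        print(f"{f.path}:{f.line} bucket={f.bucket} {status} {f.url}")
    print("buckets to confirm ownership of:", sorted(bucket_inventory(results)))
```

Every bucket in the inventory should be checked against the organisation's own cloud accounts; a bucket that nobody on the team owns is exactly the situation the write-up describes, and a download that is not pinned to a digest will accept whatever the bucket serves.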