{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/ecr/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Amazon ECR"],"_cs_severities":["medium"],"_cs_tags":["cloud","aws","ecr","exfiltration","supply-chain"],"_cs_type":"advisory","_cs_vendors":["Amazon"],"content_html":"\u003cp\u003eThis threat involves the modification of an Amazon Elastic Container Registry (ECR) policy to grant public access, which can be performed by an attacker who has gained initial access to an AWS account or by an insider with appropriate permissions, or inadvertently by a legitimate user. The malicious activity specifically targets the \u003ccode\u003eSetRepositoryPolicy\u003c/code\u003e or \u003ccode\u003ePutRegistryPolicy\u003c/code\u003e API calls to include a policy document with an \u003ccode\u003eAllow\u003c/code\u003e effect for a wildcard principal (\u003ccode\u003e\u0026quot;*\u0026quot;\u003c/code\u003e), effectively opening the container registry to all identities, including unauthenticated users. This misconfiguration, once established, can lead to the exfiltration of sensitive, proprietary container images, including any embedded secrets, posing a significant data breach risk. Furthermore, if the public policy also permits \u003ccode\u003epush\u003c/code\u003e actions, an adversary can implant malicious container images into the registry, leading to a severe supply chain compromise when these backdoored images are subsequently deployed by downstream services such as AWS ECS, EKS, or Lambda workloads.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to an AWS account through compromised credentials, insecure access keys, or by exploiting vulnerabilities in connected services.\u003c/li\u003e\n\u003cli\u003eThe attacker, leveraging the compromised credentials, executes an \u003ccode\u003eecr:SetRepositoryPolicy\u003c/code\u003e or \u003ccode\u003eecr:PutRegistryPolicy\u003c/code\u003e API call to modify an existing ECR repository or registry policy.\u003c/li\u003e\n\u003cli\u003eThe API request includes a crafted policy document that sets an \u003ccode\u003eAllow\u003c/code\u003e effect for a \u003ccode\u003ePrincipal\u003c/code\u003e field containing \u003ccode\u003e\u0026quot;*\u0026quot;\u003c/code\u003e, thereby granting public access.\u003c/li\u003e\n\u003cli\u003eThe ECR service successfully processes the policy update, making the specified repository or registry publicly accessible for \u003ccode\u003epull\u003c/code\u003e actions (e.g., \u003ccode\u003eecr:BatchGetImage\u003c/code\u003e, \u003ccode\u003eecr:GetDownloadUrlForLayer\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker, or any other unauthorized entity, can now pull proprietary container images from the ECR repository, leading to the exfiltration of intellectual property, sensitive configurations, and hardcoded secrets.\u003c/li\u003e\n\u003cli\u003e(Optional) If the publicly exposed policy also grants \u003ccode\u003epush\u003c/code\u003e permissions (e.g., \u003ccode\u003eecr:PutImage\u003c/code\u003e, \u003ccode\u003eecr:UploadLayerPart\u003c/code\u003e), the attacker can push malicious or backdoored container images to the repository.\u003c/li\u003e\n\u003cli\u003eDownstream services and applications (e.g., AWS ECS tasks, EKS pods, Lambda functions) configured to pull images from this repository will then fetch and deploy the compromised images.\u003c/li\u003e\n\u003cli\u003eThis deployment leads to a supply chain compromise, allowing the attacker to execute arbitrary code, establish persistence, or further expand their presence within the victim's cloud environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe primary impact of public ECR access is the exfiltration of sensitive data, including proprietary source code, application configurations, and hardcoded secrets (such as API keys, database credentials) that are baked into container images. Organizations across all sectors utilizing AWS ECR are susceptible. If the policy permits push access, the impact escalates to a supply chain attack, where adversaries can inject malicious code into deployed applications, leading to widespread system compromise, data breaches, and potential operational disruption. This could affect numerous downstream services within an organization's cloud infrastructure, potentially compromising customer data or critical business processes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;AWS ECR Repository or Registry Policy Granted Public Access\u0026quot; in this brief to your SIEM and tune for your environment, paying close attention to \u003ccode\u003eaws.cloudtrail.user_identity.arn\u003c/code\u003e and \u003ccode\u003eaws.cloudtrail.user_identity.type\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview AWS CloudTrail logs for \u003ccode\u003eSetRepositoryPolicy\u003c/code\u003e or \u003ccode\u003ePutRegistryPolicy\u003c/code\u003e events to identify any unauthorized or unintended policy changes.\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003eecr:SetRepositoryPolicy\u003c/code\u003e and \u003ccode\u003eecr:PutRegistryPolicy\u003c/code\u003e permissions within your AWS accounts to only trusted administrators using AWS IAM policies.\u003c/li\u003e\n\u003cli\u003eEnsure that any publicly exposed ECR repositories identified by the Sigma rule are intentionally public, that the access is strictly pull-only, and that their contents do not contain any sensitive data.\u003c/li\u003e\n\u003cli\u003eRegularly audit ECR repository policies for adherence to the principle of least privilege, specifically checking for \u003ccode\u003ePrincipal:\u0026quot;*\u0026quot;\u003c/code\u003e statements.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T15:39:49Z","date_published":"2026-07-03T15:39:49Z","id":"https://feed.craftedsignal.io/briefs/2026-07-aws-ecr-public-access/","summary":"A malicious actor or misconfigured legitimate user can modify an Amazon ECR repository or registry policy to grant public access using a wildcard principal (`Principal:\"*\"`), which can lead to the exfiltration of proprietary container images and embedded secrets, or facilitate supply-chain implantation if push permissions are also granted.","title":"AWS ECR Repository or Registry Policy Granted Public Access","url":"https://feed.craftedsignal.io/briefs/2026-07-aws-ecr-public-access/"}],"language":"en","title":"CraftedSignal Threat Feed - Ecr","version":"https://jsonfeed.org/version/1.1"}