Panda mai ruwa da ruwa, wata kungiyar satar bayanai ta kasar Sin, ta yi amfani da raunin Log4j kai tsaye wajen kai hari ga wata cibiyar ilimi da ba a bayyana ba. ƙwararrun masu farauta na CrowdStrike's Overwatch ne suka gano harin kuma suka shawo kan lamarin.
A cewar CrowdStrike, masu satar bayanan kasar Sin (jihar) sun kai farmaki kan wata cibiyar ilimi da ba a bayyana sunanta ba ta hanyar amfani da raunin Log4j da aka gano. An sami wannan raunin a cikin misalin VMware Horizon mai rauni na cibiyar da abin ya shafa.
VMware Horizon misali
Mafarautan barazanar CrowdStrike sun gano harin bayan da suka hango cunkoson ababen hawa daga wani tsari na Tomcat da ke gudana a karkashin misalin da abin ya shafa. Sun sanya ido kan wannan zirga-zirgar kuma sun tantance daga na'urar wayar salula cewa ana amfani da wani gyare-gyare na Log4j don kutsawa uwar garken. Masu satar bayanai na kasar Sin sun kai harin ne ta hanyar amfani da aikin GitHub na jama'a da aka buga a ranar 13 ga watan Disamba.
Ci gaba da lura da ayyukan hacking ya nuna cewa masu satar bayanan ruwa na Panda suna amfani da binaries na OS na asali don fahimtar matakan gata da sauran cikakkun bayanai na tsarin da yanayin yanki. Kwararrun CrowdStrike kuma sun gano cewa masu satar bayanan suna ƙoƙarin toshe ayyukan ganowa da amsawa na ɓangare na uku (EDR).
Daga nan ne kwararrun na OverWatch suka ci gaba da sanya ido kan ayyukan masu kutse kuma sun sami damar sanar da cibiyar da ake magana kan ci gaban kutsen. Cibiyar ilimi za ta iya yin aiki a kan wannan da kanta kuma ta ɗauki matakan kulawa da suka dace tare da facin aikace-aikacen mara ƙarfi.
Masu Hackers na Panda na Ruwa
Kungiyar masu satar bayanan sirri ta kasar Sin Aquatic Panda ta fara aiki tun watan Mayun 2020. Masu satar bayanan sun fi mayar da hankali ne kawai kan tattara bayanan sirri da leken asirin masana'antu. Da farko dai kungiyar ta fi mayar da hankali ne kan kamfanoni a bangaren sadarwa, bangaren fasaha da gwamnatoci.
Masu kutse sun fi amfani da abin da ake kira Cobalt Strike Tool sets, gami da na musamman Cobalt Strike downloader Fishmaster. Hackers na kasar Sin kuma suna amfani da dabaru irin su njRAt da ake biya don kai hari.
Kulawa da Log4j mai mahimmanci
Dangane da wannan lamarin, CrowdStrike ya bayyana cewa raunin Log4j babban amfani ne mai haɗari kuma kamfanoni da cibiyoyi za su yi kyau su bincika tare da daidaita tsarin su don wannan raunin.