Last year, the UK's National Cyber Security Centre (NCSC) found a variant of the SparrowDoor malware on the network of an undisclosed UK organisation. An analysis of the variant, published today, shows that it can now steal data from the clipboard, among other new capabilities. Indicators of compromise and Yara rules have also been released so that organisations can check their own networks for the malware.
The first version of SparrowDoor was discovered by antivirus company ESET, which reported that it was used against hotels worldwide as well as against governments. The attackers exploited vulnerabilities in Microsoft Exchange, Microsoft SharePoint and Oracle Opera to break into the targeted organisations. Affected organisations were located in Canada, Israel, France, Saudi Arabia, Taiwan, Thailand and the United Kingdom, among other countries. ESET did not disclose the attackers' exact objective.
The British NCSC says it found a variant of SparrowDoor at a British organisation last year. This variant can steal data from the clipboard and checks a hardcoded list of names to determine whether particular security software is running. It can also impersonate the logged-on user's account token when setting up network connections. This "downgrade" appears intended to make the malware's traffic less conspicuous than it would be if, for example, the connections were made from the SYSTEM account.
Another new feature is the hooking of various Windows API functions. It is unclear under what conditions the malware uses API hooking and token impersonation, but according to the British NCSC the attackers have made deliberate operational security choices. No further details were provided about the attack on the network or about who is behind the malware.
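The token impersonation described above leaves a footprint defenders can look for. Before a process running as SYSTEM can impersonate a logged-on user, it normally has to open a handle to one of that user's processes with query access (the access OpenProcessToken requires) in order to duplicate the token. The following is an added illustrative detection, not NCSC's published Yara rules or any code from the report, and the page does not say how SparrowDoor actually obtains the user's token. It assumes Sysmon Event ID 10 (ProcessAccess) records flattened into key=value lines with the fields SourceImage, TargetImage, GrantedAccess and the SourceUser/TargetUser fields of recent Sysmon versions; the allow-list of expected SYSTEM openers and the sample events are constructed for the example.

```python
import re
from typing import Dict, Iterable, List

# Windows process access rights that OpenProcessToken needs on the target:
# PROCESS_QUERY_INFORMATION (0x0400) or PROCESS_QUERY_LIMITED_INFORMATION (0x1000).
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
TOKEN_ACCESS_BITS = PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION

SYSTEM_ACCOUNT = "NT AUTHORITY\\SYSTEM"

# Hypothetical allow-list of SYSTEM processes that routinely open user processes.
# A real deployment tunes this from its own baseline telemetry.
EXPECTED_SYSTEM_OPENERS = {
    "c:\\windows\\system32\\svchost.exe",
    "c:\\windows\\system32\\csrss.exe",
    "c:\\windows\\system32\\lsass.exe",
    "c:\\windows\\system32\\wininit.exe",
}

# Constructed sample events, loosely modelled on Sysmon Event ID 10 field names
# (an assumption of this example, not data from the NCSC report).
SAMPLE_EVENTS = """\
EventID=10 SourceImage=C:\\Windows\\System32\\svchost.exe SourceUser=NT AUTHORITY\\SYSTEM TargetImage=C:\\Windows\\explorer.exe TargetUser=CORP\\alice GrantedAccess=0x1000
EventID=10 SourceImage=C:\\Windows\\Temp\\update.exe SourceUser=NT AUTHORITY\\SYSTEM TargetImage=C:\\Windows\\explorer.exe TargetUser=CORP\\alice GrantedAccess=0x1400
EventID=10 SourceImage=C:\\Users\\alice\\tool.exe SourceUser=CORP\\alice TargetImage=C:\\Windows\\explorer.exe TargetUser=CORP\\alice GrantedAccess=0x1400
EventID=10 SourceImage=C:\\Windows\\Temp\\update.exe SourceUser=NT AUTHORITY\\SYSTEM TargetImage=C:\\Windows\\explorer.exe TargetUser=CORP\\alice GrantedAccess=0x0001
"""

# Values may contain spaces (e.g. "NT AUTHORITY\SYSTEM"), so a value runs until
# the next " key=" token or the end of the line rather than the next space.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'key=value key=value ...' record into a dict."""
    return {key: value for key, value in FIELD_RE.findall(line.strip())}


def is_token_theft_candidate(event: Dict[str, str]) -> bool:
    """True for a ProcessAccess event in which a SYSTEM process that is not an
    expected opener obtains token-query access to a non-SYSTEM user's process."""
    if event.get("EventID") != "10":
        return False
    try:
        granted = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return False
    if not granted & TOKEN_ACCESS_BITS:
        return False
    if event.get("SourceUser", "").upper() != SYSTEM_ACCOUNT:
        return False
    if event.get("TargetUser", "").upper() == SYSTEM_ACCOUNT:
        return False
    return event.get("SourceImage", "").lower() not in EXPECTED_SYSTEM_OPENERS


def find_token_theft_candidates(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the events worth an analyst's attention, in input order."""
    return [ev for ev in map(parse_event, lines) if ev and is_token_theft_candidate(ev)]


if __name__ == "__main__":
    for hit in find_token_theft_candidates(SAMPLE_EVENTS.splitlines()):
        print(f"{hit['SourceImage']} (SYSTEM) opened {hit['TargetImage']} "
              f"of {hit['TargetUser']} with {hit['GrantedAccess']}")
```

On the constructed sample only the second event is flagged: the svchost.exe access is allow-listed, the third opener is not SYSTEM, and the fourth handle carries only PROCESS_TERMINATE, which is useless for token duplication. The heuristic covers the common OpenProcess, OpenProcessToken, DuplicateTokenEx, ImpersonateLoggedOnUser pattern; a backdoor that obtains a token by another route, or that is injected into an allow-listed process, would not be caught by it, so it complements rather than replaces the indicators and Yara rules NCSC published.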