Aquatic Panda, a Chinese hacking group, exploited the Log4j vulnerability directly to attack an undisclosed academic institution. The attack was discovered and analysed by threat hunters from CrowdStrike's OverWatch team.
According to CrowdStrike, the Chinese state-linked attackers launched the attack on the unnamed academic institution using the recently disclosed Log4j vulnerability. The vulnerable component was an unpatched VMware Horizon instance belonging to the affected institution.
VMware Horizon instance
CrowdStrike's threat hunters discovered the attack after observing suspicious traffic from a Tomcat process running under the compromised VMware Horizon instance. They examined this traffic and determined from telemetry that a modified Log4j exploit had been used to gain access to the server. The Chinese attackers carried out the attack using a public GitHub project published on December 13.
Further analysis of the incident showed that the Aquatic Panda hackers used native OS binaries to determine their privilege level and to learn about the system and its environment. CrowdStrike's analysts also observed that the attackers attempted to interfere with the operation of a third-party endpoint detection and response (EDR) solution.
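The behaviour described above (a web-container process spawning native discovery binaries) is a common detection opportunity. The following is an added example, not CrowdStrike's detection logic or the page's own code: it walks constructed process-creation telemetry and flags discovery binaries whose ancestor chain contains a Java/Tomcat container process. The image names and binary lists are illustrative assumptions.

```python
"""Flag native discovery binaries spawned (directly or via a shell) by a Java web container.

All telemetry below is constructed sample data; the image-name sets are assumptions,
not a vendor's rule set.
"""
from dataclasses import dataclass

# Assumed: native OS binaries typically used for privilege / environment discovery.
DISCOVERY_BINARIES = {"whoami.exe", "net.exe", "ipconfig.exe", "systeminfo.exe",
                      "tasklist.exe", "id", "uname", "ps"}
# Assumed: image names that indicate a Java web container such as Tomcat.
WEB_CONTAINER_IMAGES = {"java.exe", "tomcat9.exe", "java"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # basename of the executable
    cmdline: str


def web_container_ancestor(event, by_pid, max_depth=3):
    """Return the nearest ancestor that is a web container, or None if not found within max_depth."""
    cur = event
    for _ in range(max_depth):
        parent = by_pid.get(cur.ppid)
        if parent is None:
            return None
        if parent.image.lower() in WEB_CONTAINER_IMAGES:
            return parent
        cur = parent
    return None


def find_suspicious_spawns(events):
    """Return (container_pid, child_pid, child_image) for every discovery binary under a web container."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if e.image.lower() not in DISCOVERY_BINARIES:
            continue
        anc = web_container_ancestor(e, by_pid)
        if anc is not None:
            hits.append((anc.pid, e.pid, e.image))
    return hits


# Constructed sample telemetry: a Tomcat JVM spawning cmd.exe -> whoami.exe and net.exe,
# plus a benign whoami.exe launched from an interactive explorer.exe session.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "services.exe", "services.exe"),
    ProcEvent(200, 100, "java.exe", "java.exe -jar tomcat-bootstrap.jar"),
    ProcEvent(300, 200, "cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(400, 300, "whoami.exe", "whoami"),
    ProcEvent(500, 200, "net.exe", "net user"),
    ProcEvent(600, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(700, 600, "whoami.exe", "whoami"),
]
```

Only the two children of the Tomcat JVM (PIDs 400 and 500) are reported; the console-launched whoami.exe is not.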
OverWatch analysts continued to monitor the attackers' activity and were able to inform the affected organization of the attackers' movements. The academic institution was then able to respond on its own, taking the necessary steps to contain the incident and to patch the vulnerability.
Aquatic Panda hackers
The Chinese hacking group Aquatic Panda has been active since May 2020. The group focuses on intelligence collection and industrial espionage. Initially, it mainly targeted companies in the telecommunications and technology sectors as well as government organizations.
The attackers primarily use the Cobalt Strike toolset, including the custom Cobalt Strike downloader Fishmaster. The Chinese group also deploys njRAT payloads against its targets.
Monitoring for Log4j is essential
In response to this incident, CrowdStrike stated that the Log4j vulnerability is a serious threat and that companies and organizations would do well to investigate their systems for this vulnerability and patch them.