Nobelium, the group behind the SolarWinds attack, still has a large arsenal of hacking techniques at its disposal. That is the conclusion of the security specialists at Mandiant in their latest research. The threat posed by these, possibly state-backed, hackers has not yet passed.
A year ago, the Nobelium hackers managed to break into the American security company SolarWinds. As a result, a large number of that company's customers were compromised, about eighteen thousand of them, including Microsoft and also the US government. With all the consequences that entailed.
Further investigation into the background of the attackers showed that the Nobelium hackers are believed to receive support from another country. Probably Russia.
Nobelium is best known for its advanced tactics, techniques and procedures, also known as TTPs. Instead of attacking victims one by one, the group prefers to pick a single company that serves many customers. By hacking that one company, the criminals aim for a kind of 'master key' that then 'opens' the doors to its customers.
Mandiant research
Mandiant's research shows that Nobelium, together with the two hacker groups UNC3004 and UNC2652 that form part of this hacking conglomerate, has expanded its TTPs. This applies in particular to attacks on cloud providers and MSPs as a route into other businesses.
One of the hackers' new techniques is the use of credentials obtained through the info-stealer malware campaigns of other criminals. With these, the Nobelium hackers sought initial access to their victims. The criminals also used accounts with Application Impersonation privileges to 'harvest' sensitive data. They used both consumer IP proxy services and newly set-up local systems to communicate with compromised victims.
Other techniques
They also used new TTPs to get around security restrictions in various environments, including virtual machines, in order to view internal configurations. Another tool they used was the new CEELOADER downloader. The criminals even managed to get inside the Active Directory of Microsoft Azure accounts and steal 'master keys' that give access to the directories of the compromised party's customers. Finally, the hackers were able to abuse multi-factor authentication by means of push notifications on smartphones.
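The abuse of MFA push notifications mentioned above shows up in identity-provider sign-in logs as a burst of denied or expired prompts for one user, sometimes followed by an approval once the user gives in. The following detection is an added example, not code from the original article or from Mandiant's research. It assumes a constructed, simplified log format (timestamp, user, source IP, MFA result) and a hypothetical sliding-window rule: three or more failed push prompts for one user within ten minutes raise an alert, and an approval arriving while that burst window is still open is flagged as the worst case.

```python
"""Flag bursts of failed MFA push prompts per user in sign-in records.

Added example with a constructed log format; the window and threshold are
hypothetical tuning values, not figures from any vendor or report.
"""
from collections import deque
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real telemetry). Addresses are from the
# RFC 5737 documentation ranges. alice receives four prompts in two minutes
# and finally approves; bob denies one and approves much later; carol's
# denials are spread 20 minutes apart and never fit a 10-minute window.
SAMPLE_LOG = """\
2021-12-06T08:00:05Z,alice,203.0.113.10,mfa_denied
2021-12-06T08:00:41Z,alice,203.0.113.10,mfa_denied
2021-12-06T08:01:12Z,alice,203.0.113.10,mfa_expired
2021-12-06T08:01:50Z,alice,203.0.113.10,mfa_denied
2021-12-06T08:02:30Z,alice,203.0.113.10,mfa_approved
2021-12-06T08:05:00Z,bob,198.51.100.7,mfa_denied
2021-12-06T09:30:00Z,bob,198.51.100.7,mfa_approved
2021-12-06T10:00:00Z,carol,192.0.2.44,mfa_denied
2021-12-06T10:20:00Z,carol,192.0.2.44,mfa_denied
2021-12-06T10:40:00Z,carol,192.0.2.44,mfa_denied
2021-12-06T11:00:00Z,carol,192.0.2.44,mfa_denied
"""

# Results that mean a push prompt was sent but not accepted by the user.
FAILED_RESULTS = {"mfa_denied", "mfa_expired"}


def parse_record(line):
    """Split one CSV-style record into (timestamp, user, source_ip, result)."""
    ts, user, ip, result = line.strip().split(",")
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, user, ip, result


def find_push_bursts(log_text, window=timedelta(minutes=10), threshold=3):
    """Return one alert dict per user burst of failed push prompts.

    An alert is opened when `threshold` failed prompts for a user fall within
    `window`; while the burst window is still open, further failures update
    the count and an approval sets `approved_after_burst` to True.
    """
    events = sorted(parse_record(l) for l in log_text.splitlines() if l.strip())
    recent = {}      # user -> deque of failed-prompt timestamps inside the window
    open_alert = {}  # user -> alert dict for a burst whose window is still open
    alerts = []

    for when, user, ip, result in events:
        q = recent.setdefault(user, deque())
        # Drop failures that fell out of the sliding window.
        while q and when - q[0] > window:
            q.popleft()
        # No failures left in the window means the burst has lapsed.
        if not q and user in open_alert:
            del open_alert[user]

        if result in FAILED_RESULTS:
            q.append(when)
            if len(q) >= threshold and user not in open_alert:
                alert = {
                    "user": user,
                    "source_ip": ip,
                    "first_failed": q[0],
                    "failed_prompts": len(q),
                    "approved_after_burst": False,
                }
                alerts.append(alert)
                open_alert[user] = alert
            elif user in open_alert:
                open_alert[user]["failed_prompts"] = len(q)
        elif result == "mfa_approved" and user in open_alert:
            # The user accepted a prompt while the burst was still in progress.
            open_alert[user]["approved_after_burst"] = True

    return alerts


if __name__ == "__main__":
    for alert in find_push_bursts(SAMPLE_LOG):
        print(alert)
```

Running the block on the sample log yields a single alert, for alice, with four failed prompts and `approved_after_burst` set; bob and carol produce nothing because their failures never cluster inside the window. The approval-after-burst flag is the one to triage first, since it is the case in which the prompts may have succeeded.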
The Mandiant researchers found that the attackers were mainly interested in information of importance to Russia. In addition, in some cases data was stolen that could give the criminals new avenues for attacking other victims.
Nobelium remains a threat
The report concludes that Nobelium's attacks will not stop any time soon. According to the researchers, the criminals keep refining both their attack techniques and their techniques for staying inside victims' networks for long periods, evading detection and frustrating remediation efforts.