
SolarWinds Hackers Have New Methods for Mass Attacks

Nobelium, the group behind the SolarWinds attack, still has a large arsenal of advanced hacking techniques at its disposal. That is the conclusion security specialists at Mandiant reach in a recent study. The danger from these hackers, who are possibly government-backed, has not yet passed.

Last year, the Nobelium hackers managed to break into the American security specialist SolarWinds. Many of this security specialist's customers were then hacked in turn, some eighteen thousand of them, including Microsoft and the US government, with all the consequences that followed.

Further investigation into the attackers' background showed that the Nobelium hackers are suspected of receiving help from a nation state. This is probably Russia.

Nobelium is best known for its advanced tactics, techniques and procedures, also known as TTPs. Instead of attacking victims one by one, the group prefers to pick a single company that serves many customers. By hacking that company, the criminals look for a kind of 'master key' that then 'opens' the doors to its customers.

Mandiant research

Mandiant's research shows that Nobelium, together with the two hacker groups UNC3004 and UNC2652 that are part of this hacking conglomerate, has expanded its TTPs. This applies especially to attacks on cloud vendors and MSPs as a way to reach other businesses.

One of the hackers' new techniques is the use of credentials obtained through the info-stealer malware campaigns of other criminals. The Nobelium hackers used these credentials to gain initial access to victims. The criminals also used accounts with Application Impersonation privileges to "harvest" sensitive data. They used both residential IP proxy services and newly set-up local infrastructure to communicate with compromised victims.

Other techniques

They also used new TTPs to bypass security restrictions in various environments, including virtual machines, in order to determine internal routing configurations. One of the tools used was the new CEELOADER downloader. The criminals even managed to get into the Active Directory of a Microsoft Azure account and steal 'master keys' that give access to the directories of the compromised party's customers. Finally, the hackers were able to abuse multi-factor authentication that uses push notifications on smartphones.
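One defensive check for the push-notification MFA abuse mentioned above, as an added example that is not from the article or from Mandiant: it flags an approved push that follows a burst of denied or timed-out pushes for the same user. It assumes the abuse shows up as repeated prompts; the log format, field names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical log format (not a real product's schema).
SAMPLE_LOG = """\
2021-12-01T02:11:00 user=bob factor=push result=timeout ip=203.0.113.50
2021-12-01T02:11:40 user=bob factor=push result=denied ip=203.0.113.50
2021-12-01T02:12:30 user=bob factor=push result=timeout ip=203.0.113.50
2021-12-01T02:13:55 user=bob factor=push result=approved ip=203.0.113.50
2021-12-01T10:00:00 user=dave factor=push result=timeout ip=198.51.100.7
2021-12-01T10:20:00 user=dave factor=push result=timeout ip=198.51.100.7
2021-12-01T10:40:00 user=dave factor=push result=denied ip=198.51.100.7
2021-12-01T10:45:00 user=dave factor=push result=approved ip=198.51.100.7
truncated line without a timestamp
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 3                   # assumed count of failed prompts that makes a burst

def parse_line(line):
    """Parse one event line into a dict, or return None if it is not a push event."""
    try:
        ts = datetime.fromisoformat(line.split()[0])
    except (ValueError, IndexError):
        return None  # malformed or empty line
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    if fields.get("factor") != "push" or not {"user", "result"} <= fields.keys():
        return None
    return {**fields, "ts": ts}

def find_push_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, approval_time, failed_count) for approvals that follow a burst."""
    events = sorted(filter(None, map(parse_line, log_text.splitlines())), key=lambda e: e["ts"])
    failed = defaultdict(deque)  # user -> times of recent denied/timed-out prompts
    alerts = []
    for ev in events:
        recent = failed[ev["user"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()  # forget prompts older than the window
        if ev["result"] in ("denied", "timeout"):
            recent.append(ev["ts"])
        elif ev["result"] == "approved":
            if len(recent) >= threshold:
                alerts.append((ev["user"], ev["ts"].isoformat(), len(recent)))
            recent.clear()  # a successful login resets the count
    return alerts

if __name__ == "__main__":
    print(find_push_bursts(SAMPLE_LOG))
```

With the default ten-minute window only the constructed `bob` sequence is flagged; the `dave` prompts are spread over 45 minutes and only match if the window is widened.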

The Mandiant researchers found that the attackers were mainly interested in information that matters to Russia. In addition, in some cases data was stolen that was meant to give the criminals new entry points for attacking other victims.

Nobelium remains a problem

The report concludes that Nobelium's attacks will not stop any time soon. According to the researchers, the criminals keep improving their attack techniques and their ability to stay inside victims' environments for long periods, avoid detection and disrupt recovery efforts.

Max Reisler
