Aquatic Panda, oo ah koox shiinees ah oo jabsata, ayaa si toos ah u isticmaasha nuglaanta Log4j si ay u weerarto machad tacliineed oo aan la shaacin. Weerarka waxaa ogaaday oo ka hortagay CrowdStrike's Overwatch khabiiro ku takhasusay ugaarsiga.
Sida laga soo xigtay CrowdStrike, tuugada Shiinaha (gobolka) ayaa weerar ku qaaday machad tacliineed oo aan la magacaabin iyaga oo isticmaalaya nuglaanta Log4j. Nuglaantan waxaa laga helay tusaale ahaan VMware Horizon oo nugul ee machad ay saamaysay.
Tusaale ahaan VMware Horizon
Ugaadhsadayaasha CrowdStrike ayaa daaha ka qaaday weerarka ka dib markii ay arkeen taraafikada tuhunka ka imanaysa habka Tomcat ee hoos socda tusaalaha ay saamaysay. Waxay la socdeen taraafikadan waxayna go'aamiyeen telemetry in nooca Log4j la beddelay si loo dhex geliyo serfarka. Budhcad-badeedda Shiineeska ah ayaa fuliyay weerarka iyaga oo isticmaalaya mashruuc dadweyne oo GitHub ah oo la daabacay 13-kii Disembar.
La socodka dheeraadka ah ee hawsha jabsiga ayaa shaaca ka qaaday in budhcadayaasha Aquatic Panda ay isticmaalayaan OS-da asalka ah si ay u fahmaan heerarka mudnaanta iyo faahfaahinta kale ee nidaamyada iyo deegaanka domain. Khabiirada CrowdStrike ayaa sidoo kale ogaaday in jabsadayaashu ay isku dayayeen inay xannibaan hawlgallada ogaanshaha iyo jawaab celinta dhinac saddexaad ee firfircoon (EDR).
Khubarada OverWatch ka dib waxay sii wadeen inay la socdaan dhaq-dhaqaaqyada hackers-ka waxayna awoodeen inay ku wargaliyaan machadka su'aasha ah horumarka jabsiga. Machadku wuu ku dhaqmi karaa kan laftiisa oo wuxuu qaadi karaa tillaabooyinka xakamaynta ee lagama maarmaanka ah wuxuuna dhejin karaa codsiga nugul.
Hackers-ka Panda Biyaha
Kooxda jabsiga Shiinaha ee Aquatic Panda waxay shaqaynaysay ilaa Maajo 2020. Budhcad-badeedyadu waxay si gaar ah diiradda u saaraan ururinta sirdoonka iyo basaaska warshadaha. Markii hore, kooxdu waxay inta badan diiradda saartay shirkadaha qaybta isgaarsiinta, qaybta tignoolajiyada iyo dawladaha.
Hackers-ku waxay inta badan adeegsadaan waxa loogu yeero qalabka Cobalt Strike, oo ay ku jiraan soo dejiyaha Cobalt Strike u gaarka ah Fishmaster. Hackers-ka Shiinaha ayaa sidoo kale isticmaala farsamooyin sida njRAt lacag-bixinta si ay u garaacaan bartilmaameedyada.
Kormeerka Log4j waa muhiim
Iyada oo laga jawaabayo dhacdadan, CrowdStrike waxay sheegtay in nuglaanta Log4j ay tahay ka faa'iidaysi halis ah oo shirkadaha iyo machadyadu ay ku fiicnaan lahaayeen inay hubiyaan oo ay sidoo kale dhejiyaan nidaamkooda u nuglaanshahan.