I-Aquatic Panda, iqela laseTshayina eliqhekezayo, lisebenzise ngokuthe ngqo ubuthathaka be-Log4j ukuhlasela iziko lezemfundo elingachazwanga. Uhlaselo lwafunyanwa kwaye lwachaswa ziingcali zogrogriso zeCrowdStrike's Overwatch.
Ngokutsho kweCrowdStrike, abahlaseli baseTshayina (belizwe) baqalise uhlaselo kwiziko lemfundo elingachazwanga ngagama besebenzisa ubungozi be-Log4j. Obu buthathaka bufunyenwe kumzekelo weVMware Horizon osemngciphekweni weziko elichaphazelekayo.
Umzekelo weVMware Horizon
Abazingeli beCrowdStrike bezoyikiso bafumene uhlaselo emva kokubona i-traffic ekrokrelayo evela kwinkqubo ye-Tomcat eqhuba phantsi komzekelo ochaphazelekayo. Bayijongile le traffic kwaye bagqiba kwi-telemetry ukuba inguqulelo elungisiweyo ye-Log4j yayisetyenziselwa ukungena kwiseva. Abahlaseli baseTshayina baqhube uhlaselo besebenzisa iprojekthi kawonke-wonke ye-GitHub epapashwe nge-13 kaDisemba.
Ukubeka iliso okuqhubekayo komsebenzi wokukhwabanisa kubonise ukuba abahlaseli be-Aquatic Panda babesebenzisa iibhinari ze-OS zendabuko ukuze baqonde amanqanaba okuxhamla kunye nezinye iinkcukacha zeenkqubo kunye nokusingqongileyo kwendawo. Iingcali zeCrowdStrike ziphinde zafumanisa ukuba abahlaseli babezama ukuvimba imisebenzi yesisombululo esisebenzayo se-third party endpoint and response (EDR) isisombululo.
Iingcali ze-OverWatch ziye zaqhubeka nokubeka iliso kwimisebenzi ye-hackers kwaye zakwazi ukugcina iziko elichaphazelekayo linolwazi ngenkqubela ye-hack. Iziko lezemfundo linokwenza ngokwalo oku kwaye lithathe amanyathelo olawulo ayimfuneko kwaye lifake izicelo ezisesichengeni.
Aquatic Panda Hackers
Iqela laseTshayina lokugqekeza i-Aquatic Panda ibisebenza ukusukela ngoMeyi ka-2020. Abaduni bajolise ngokukodwa ekuqokeleleni ubukrelekrele kunye nobuntlola kwimizi-mveliso. Ekuqaleni, iqela laligxile kakhulu kwiinkampani ezikwicandelo le-telecom, icandelo letekhnoloji kunye noorhulumente.
Abahlaseli ikakhulu basebenzisa into ebizwa ngokuba yi-Cobalt Strike seti yesixhobo, kubandakanya neyodwa iCobalt Strike downloader Fishmaster. Abahlaseli baseTshayina basebenzisa iindlela ezinje nge-njRAt yokuhlawula ukubetha iithagethi.
Ukubeka iliso kwi-Log4j kubalulekile
Ukuphendula kwesi sehlo, i-CrowdStrike ichaze ukuba ubuthathaka be-Log4j lixhoba eliyingozi kakhulu kwaye iinkampani kunye namaziko angenza kakuhle ukuba ahlole kwaye alungise iinkqubo zawo kobu buthathaka.