Nobelium, the group behind the SolarWinds attack, still has a large arsenal of advanced hacking techniques at its disposal. That is the conclusion of Mandiant's security experts in a recent study. The danger from these state-backed hackers has not yet passed.
Last year, the Nobelium attackers managed to break into the American security specialist SolarWinds. After that, many of this security specialist's customers were breached, about 18,000, including Microsoft and the US government, with all the consequences that followed.
Further investigation into the attackers' origins showed that the Nobelium attackers are suspected of receiving support from a state. This is probably Russia.
Nobelium is best known for its advanced tactics, techniques and procedures, known as TTPs. Instead of attacking their victims one by one, they prefer to pick a single company that serves many customers. By hacking that company, the attackers look for a kind of 'master key' with which they then 'open' the doors to its customers.
Mandiant research
Mandiant's research shows that Nobelium, together with the two hacker groups UNC3004 and UNC2652 that are part of this hacking collective, has further improved its TTPs. This applies in particular to attacks on cloud providers and MSPs, in order to reach even more businesses.
The hackers' new techniques include the use of credentials obtained through info-stealer malware campaigns run by other attackers. With these, the Nobelium attackers seek initial access to victims. The hackers used accounts with Application Impersonation privileges to "harvest" sensitive email data. The attackers used both consumer IP proxy services and new regional infrastructure to communicate with affected victims.
Other techniques
They also used new TTPs to bypass security restrictions in various environments, including virtual machines, in order to determine internal routing configurations. Another tool used is the new CEELOADER downloader. The attackers even managed to get into the Active Directory of a Microsoft Azure account and steal 'master keys' that gave access to the customer directories of the affected party. Finally, the attackers were able to abuse multi-factor authentication using push notifications on smartphones.
Mandiant's researchers noted that the attackers were particularly interested in data that is relevant to Russia. In addition, in some cases data was stolen to give the hackers new entry points for attacking other victims.
The ongoing Nobelium problem
The report concludes that Nobelium's attacks will not stop anytime soon. According to the researchers, the attackers continue to improve their attack methods and their ability to stay inside victims' networks for a long time, evade detection and disrupt recovery efforts.