China cloned and used an NSA 0-day exploit for years before it went public

Many will remember the leak of the NSA's secret hacking tools orchestrated by the hacking group known as the Shadow Brokers, which happened just over four years ago. Among the leaked software was a tool called "EpMe," which elevates the privileges of a vulnerable Windows system to the level of system administrator, giving full control.

According to a report published Monday by Check Point, long before the disclosure, a group of hackers linked to Beijing had managed to get its hands on this exploit, clone it, and use it for years.

In 2013, an entity called the "Equation Group", widely understood to be an NSA group, set out to develop a series of exploits, including one called "EpMe" that elevates the privileges of a Windows system to administrator.

This allows someone with access to a machine to control the entire system. In 2017, a large number of the tools developed by the Equation Group were leaked online by the Shadow Brokers.

Around this time, Microsoft canceled its February Patch Tuesday, identified the vulnerability exploited by EpMe (CVE-2017-0005), and fixed it a few weeks later.

It should be noted that Lockheed Martin, the US defense and security company, would have been the first to identify this flaw and report it to Microsoft, suggesting that it may have been used against a US target.

During 2017, Microsoft quietly patched the vulnerability exploited by EpMe. In short, this is the timeline of the story as we had it until the publication of the Check Point report on Monday.

In fact, the report provides evidence that things did not happen exactly that way. The company found that a group of Chinese hackers known as APT31, also known as Zirconium or "Judgment Panda", had somehow managed to obtain and use EpMe.

Specifically, the report estimates that between 2014 and 2015, APT31 developed an exploit, which Check Point calls "Jian", by cloning EpMe in some way. The group would then have used this tool from 2015 until March 2017, when Microsoft fixed the vulnerability it was attacking.

This would mean that APT31 gained access to EpMe, a "privilege escalation" exploit, long before the leaks caused by the Shadow Brokers between late 2016 and early 2017.

"The case of EpMe / Jian is unique because we have evidence that Jian was built from an actual sample of the exploit created by the Equation Group," says the Check Point report. So how did they get it? Having dated the APT31 samples to three years before the Shadow Brokers leak, the company suggests that the Equation Group exploit samples could have been acquired by APT31 in one of the following ways:

captured during an Equation Group attack on a Chinese target;
captured during an Equation Group operation on a third-party network that was also being monitored by APT31;
captured by APT31 during an attack on Equation Group infrastructure.

A person familiar with the matter said that Lockheed Martin, which identified the vulnerability exploited by Jian in 2017, discovered it on the network of an unidentified third party. The person also said that the infected network was not part of Lockheed Martin's supply chain, but declined to share further details.

In a statement responding to Check Point's research, Lockheed Martin said it "routinely evaluates third-party software and technologies to identify vulnerabilities and responsibly report them to developers and other interested parties."

For its part, the NSA declined to comment on Check Point's findings. Likewise, the Chinese Embassy in Washington did not respond to requests for comment. However, the finding comes as some experts say that American spies should devote more energy to fixing the flaws they find in software rather than developing and deploying malware to exploit them.

Check Point says it made this discovery by digging through older Windows privilege escalation tools to build "fingerprints."

Source: https://blog.checkpoint.com
