Microsoft vs. SVR. Why open source should be the norm

Microsoft vs. SVR

It could have been a Tom Clancy novel from the NetForce series, but it is a book written by Microsoft President Brad Smith in tribute to himself and his company. Still, if one reads between the lines (at least in the excerpt that one portal had access to) and separates out the pats on the back and the jabs at competitors, what remains is interesting and instructive. And, in my humble opinion, it is an example of the advantages of the free software and open source model.

The characters

Every spy novel needs a "bad guy" and, in this case, we have nothing less than the SVR, one of the organizations that succeeded the KGB after the collapse of the USSR. The SVR handles all intelligence tasks carried out beyond the borders of the Russian Federation. The "innocent victim" was SolarWinds, a company that develops network management software. It is used by large corporations, critical infrastructure operators, and US government agencies. Of course, we need a hero. In this case, according to them, it is Microsoft's Threat Intelligence department.

As could not be otherwise in a story of deception, the "bad" and the "good" each have an alias. The SVR is Yttrium. At Microsoft, they use the less common elements of the periodic table as code names for possible sources of threats. The Threat Intelligence department is MSTIC, from its name in English, although internally they pronounce it "mystic" because of the phonetic similarity. From here on, for convenience, I will use these terms.

Microsoft vs. SVR. The facts

On November 30, 2020, FireEye, one of the leading computer security companies in the US, discovered that it had suffered a security breach on its own servers. As they were unable to fix it themselves (I'm sorry, but I can't help saying "in the blacksmith's house, a wooden knife"), they decided to ask Microsoft's specialists for help. Since MSTIC had been following in Yttrium's footsteps, they were quick to suspect the Russians, a diagnosis later confirmed by official US intelligence services.

As the days went by, the attacks were found to target sensitive computer networks around the world, including Microsoft itself. According to media reports, the United States government was clearly the main target of the attack, with the Treasury Department, the State Department, the Commerce Department, the Energy Department and parts of the Pentagon. The victims also included other technology companies, government contractors, think tanks and a university. The attacks were not aimed only at the United States, as they affected Canada, the United Kingdom, Belgium, Spain, Israel and the United Arab Emirates. In some cases, the intrusions into the network lasted for several months.

The origin

It all started with network management software called Orion, developed by a company called SolarWinds. With more than thirty-five high-level corporate customers, the attackers only had to insert malware into an update.

Once installed, the malware connected to what is technically known as a command and control (C2) server. The C2 server was programmed to give the connected computers tasks such as the ability to transfer files, execute commands, restart a machine, and disable system services. In other words, Yttrium's agents gained full access to the network of those who had installed the Orion program.

Next I am going to quote a paragraph from Smith's article:

It didn't take long for us to realize the importance of technical teamwork across the industry and with the government of the United States. Engineers from SolarWinds, FireEye, and Microsoft began working together immediately. The FireEye and Microsoft teams knew each other well, but SolarWinds was a smaller company facing a major crisis, and the teams had to build trust quickly if they were to be effective. SolarWinds engineers shared the source code of their update with the security teams of the other two companies, which revealed the source code of the malware itself. Technical teams from the US government swiftly sprang into action, especially at the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security.

The emphasis is mine. The teamwork and the sharing of source code. Doesn't that sound like something to you?

After opening the back door, the malware remained inactive for two weeks, to avoid creating network log entries that would alert administrators. During this period, it sent information about the network it had infected to a command and control server that the attackers had with the hosting provider GoDaddy.

If the content was of interest to Yttrium, the attackers entered through the back door and installed additional code on the attacked server to connect to a second command and control server. This second server, unique to each victim to help evade detection, was registered and hosted in a second data center, often in the Amazon Web Services (AWS) cloud.
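The behaviour described in the last two paragraphs (a quiet period of about two weeks, a first contact with a new server, then a second server unique to each victim) suggests a hunting heuristic for management servers whose outbound destinations are normally stable. The following is an added example, not code from the original article or from Microsoft; the host names, domains, event format and 12-day threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): (host, timestamp, kind, value).
# "update" = management software update installed; "dns" = outbound lookup.
EVENTS = [
    ("nms-01", "2020-03-01T09:00", "dns", "updates.vendor.example"),
    ("nms-01", "2020-03-02T10:00", "update", "mgmt-suite"),
    ("nms-01", "2020-03-05T10:00", "dns", "updates.vendor.example"),
    ("nms-01", "2020-03-17T11:00", "dns", "stage1.example"),
    ("nms-01", "2020-03-20T12:00", "dns", "uniq-a.cloud.example"),
    ("nms-02", "2020-03-03T08:00", "update", "mgmt-suite"),
    ("nms-02", "2020-03-18T09:00", "dns", "stage1.example"),
    ("nms-03", "2020-03-02T08:00", "update", "mgmt-suite"),
    ("nms-03", "2020-03-03T08:00", "dns", "cdn.example"),
]

def staged_c2_candidates(events, min_dormancy=timedelta(days=12)):
    """Flag hosts whose first never-seen domain appears only after a long
    quiet period following an update; list later domains no other host uses."""
    install = {}                      # host -> time of first update event
    first_seen = defaultdict(dict)    # host -> {domain: first lookup time}
    hosts_per_domain = defaultdict(set)
    for host, ts, kind, value in events:
        t = datetime.fromisoformat(ts)
        if kind == "update":
            install[host] = min(t, install.get(host, t))
        elif kind == "dns":
            prev = first_seen[host].get(value, t)
            first_seen[host][value] = min(prev, t)
            hosts_per_domain[value].add(host)

    findings = {}
    for host, t0 in install.items():
        # Domains this host had never resolved before the update.
        new = sorted((t, d) for d, t in first_seen[host].items() if t > t0)
        if not new or new[0][0] - t0 < min_dormancy:
            continue  # nothing new, or new destinations right away: not this pattern
        findings[host] = {
            "dormant_days": (new[0][0] - t0).days,
            "first_new_domain": new[0][1],
            # Second-stage candidates: seen from this host and no other.
            "host_unique_domains": [d for t, d in new[1:]
                                    if hosts_per_domain[d] == {host}],
        }
    return findings

if __name__ == "__main__":
    for host, info in staged_c2_candidates(EVENTS).items():
        print(host, info)
```

A hit is a lead for an analyst, not a verdict: a host that legitimately starts using a new service weeks after an update matches the same pattern.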

Microsoft vs. SVR. The moral

If you are interested in knowing how our heroes gave their adversaries what they deserved, in the first paragraphs you have the links to the sources. I am going to jump straight to why I am writing about this on a Linux blog. Microsoft's confrontation with the SVR shows the importance of code being available to be analyzed, and that this knowledge.

It is true, as a prestigious computer security specialist reminded me this morning, that it is useless for the code to be open if no one takes the trouble to analyze it. There is the Heartbleed case to prove it. But let's recap. 38000 high-end customers signed up for proprietary software. Several of them installed a malware update that exposed sensitive information and gave hostile elements control over critical infrastructure. The responsible company only made the code available to specialists when it had the water up to its neck. If vendors of software for critical infrastructure and sensitive customers were required to release their software under open licenses, and to have a resident code auditor (or an external agency working for several of them), the risk of attacks like the one on SolarWinds would be much lower.


One comment, leave yours

  1.   Diego Vallejo said

    Not long ago, M$ accused everyone who used free software of being communists, as in the worst of McCarthyism.