ZeroCleare: data-wiping malware from APT34 and xHunt


A few days ago, IBM security researchers disclosed that they had found a new malware family called "ZeroCleare". Developed by the Iranian hacking group APT34 together with xHunt, this malware is aimed at the industrial and energy sectors in the Middle East. The researchers did not reveal the names of the affected companies, but they published their analysis of the malware in a detailed 28-page report.

ZeroCleare only affects Windows. Its name, as the report explains, comes from the program database (PDB) path embedded in its binary, and it is used to carry out a destructive attack that overwrites the master boot record (MBR) and the disk partitions of compromised Windows machines.

ZeroCleare is described as malware whose behaviour resembles that of "Shamoon" (the malware that drew wide attention because it was used in attacks on oil companies from 2012 onwards). Although Shamoon and ZeroCleare share behaviour and characteristics, the researchers say that the two are distinct and separate pieces of malware.

Like the Shamoon malware, ZeroCleare also uses a legitimate hard disk driver called "RawDisk by ElDos" to overwrite the master boot record (MBR) and the disk partitions of targeted computers running Windows.
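As an added defender-side illustration (not code from the IBM report or from this article), the check below parses a 512-byte MBR, verifies the 0x55AA boot signature and the partition table, and compares the sector's hash against a known-good baseline, so an overwritten MBR of the kind described above is flagged. The sample sectors are constructed inline.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"  # MBR boot signature at offset 510

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: boot signature plus the four 16-byte partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        status, ptype = entry[0], entry[4]
        if ptype != 0:  # type 0x00 marks an unused entry
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "partitions": parts,
            "sha256": hashlib.sha256(sector).hexdigest()}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a captured MBR; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["sha256"] != baseline_sha256:
        findings.append("MBR hash differs from baseline")
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not info["partitions"]:
        findings.append("partition table empty")
    return findings

def make_mbr(partitions) -> bytes:
    """Constructed sample: assemble an MBR from (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = 446 + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        sector[off + 8: off + 16] = struct.pack("<II", lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

# Constructed data: a known-good MBR with one NTFS (type 0x07) partition, and a zeroed copy
# standing in for a sector left behind by an MBR overwrite.
GOOD_MBR = make_mbr([(True, 0x07, 2048, 204800)])
BASELINE = hashlib.sha256(GOOD_MBR).hexdigest()
WIPED_MBR = bytes(SECTOR)
```

In practice the baseline hash would be recorded at build time and the check run against the first sector read from the disk, or from a forensic image.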

Although the ElDos driver is not signed, the malware manages to load it by first loading a vulnerable but signed VirtualBox driver and exploiting it to bypass the driver signature verification mechanism, which then allows the unsigned ElDos driver to be loaded.

The malware is introduced through brute-force attacks to gain access to weakly protected network accounts. Once the attackers have taken hold of a device, they spread the malware across the company network as the final stage of the infection.

"The ZeroCleare wiper is part of the final stage of the overall attack. It is designed to be delivered in two different forms, adapted to 32-bit and 64-bit systems.

The overall flow of events on 64-bit machines involves using a vulnerable signed driver and then exploiting it on the target device to allow ZeroCleare to bypass the Windows hardware abstraction layer and avoid some of the operating system safeguards that prevent unsigned drivers from running on 64-bit machines," reads the IBM report.

"The first link in this chain is called soy.exe and is a modified version of the Turla driver loader.


That loader is used to load a vulnerable version of the VirtualBox driver, which the attackers exploit to load the EldoS RawDisk driver. RawDisk is a legitimate tool used to interact with files and partitions, and it was also used by the Shamoon attackers to reach the MBR.

To gain access to the core of the device, ZeroCleare uses an intentionally vulnerable driver and malicious PowerShell/Batch scripts to bypass Windows controls. By combining these tactics, ZeroCleare spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause outages that could take months to recover from fully."

Although most of the APT campaigns that researchers expose focus on cyber espionage, some of the same groups also carry out destructive operations. Historically, many of these operations have taken place in the Middle East and have targeted energy companies and production facilities, which are critical national assets.

Although the researchers have not named with 100% certainty the organisation to which this malware is attributed, they initially stated that APT33 was involved in the creation of ZeroCleare.

Later, IBM stated that APT33 and APT34 had created ZeroCleare, but shortly after the document was published the evidence shifted to xHunt and APT34, and the researchers acknowledged that they were not one hundred percent certain.

According to the researchers, the ZeroCleare attack is not opportunistic and appears to be an operation directed against specific sectors and organisations.

