One of the Pale Moon web browser's servers was hacked


The author of the Pale Moon browser has disclosed details of unauthorized access to one of the browser's servers, "archive.palemoon.org", which stores the archive of older browser releases up to and including version 27.6.2.

Through this access, the attackers infected with malware all of the executable files on that server containing the Pale Moon installers for Windows. According to preliminary data, the malicious replacement was carried out on December 27, 2017, and was only discovered on July 9, 2019, meaning it went unnoticed for a year and a half.

The server is currently offline for investigation. The server that distributes current Pale Moon releases was not affected; the problem concerns only older Windows builds downloaded from the server named above (older versions were moved to that server when new releases became available).

After gaining access, the attackers selectively infected every .exe file related to Pale Moon, namely the installers and self-extracting archives, with the Win32/ClipBanker.DY trojan, which is designed to steal cryptocurrency by replacing bitcoin addresses in the clipboard.

Executable files inside the zip archives were not affected. A user could detect the modified installers by checking the accompanying SHA256 hashes or the files' digital signatures. Furthermore, all mainstream antivirus products successfully detected the malware used.
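As an added example (not code from the article or from the Pale Moon project), the following Python script shows the kind of hash check described above: it parses a sha256sum-style checksum list, streams each file through SHA256, and compares the result in constant time. The installer file name, the checksum list and the "trojanised" copy are all constructed inside the demo and are not real Pale Moon artefacts.

```python
"""Verify downloaded installers against a published SHA256 checksum list.

Added example; the file name, checksum list and payload below are constructed
for the demo and do not correspond to any real Pale Moon release.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB chunks so large installers need little memory


def sha256_file(path):
    """Return the lowercase hex SHA256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksums(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>').

    Returns {file name: lowercase hex digest}. Malformed lines raise ValueError
    rather than being silently skipped, so a truncated list cannot pass as valid.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed checksum line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify(path, expected):
    """Compare one file against the checksum list.

    Returns 'ok', 'MISMATCH' (file listed but content differs) or 'unlisted'
    (no published hash, so nothing can be concluded). hmac.compare_digest is
    used so the comparison does not leak where the digests first differ.
    """
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted"
    return "ok" if hmac.compare_digest(sha256_file(path), expected[name]) else "MISMATCH"


def demo():
    """Constructed scenario: a clean installer, a checksum list derived from it,
    and a copy served under the same name that was modified in place."""
    with tempfile.TemporaryDirectory() as clean_dir, tempfile.TemporaryDirectory() as mirror_dir:
        name = "palemoon-27.6.2.win32.installer.exe"  # assumed name, not a real artefact
        clean = os.path.join(clean_dir, name)
        with open(clean, "wb") as f:
            f.write(b"MZ" + os.urandom(4096))  # stand-in for a real PE installer

        # The vendor would publish this list; here it is generated from the clean file.
        checksums = parse_checksums(f"{sha256_file(clean)}  {name}\n")

        # Simulate the attacker's in-place modification of the hosted installer.
        tampered = os.path.join(mirror_dir, name)
        with open(clean, "rb") as src, open(tampered, "wb") as dst:
            dst.write(src.read() + b"<constructed trojan payload>")

        unlisted = os.path.join(mirror_dir, "unrelated.exe")
        open(unlisted, "wb").close()

        return verify(clean, checksums), verify(tampered, checksums), verify(unlisted, checksums)


if __name__ == "__main__":
    print(demo())  # ('ok', 'MISMATCH', 'unlisted')
```

One caveat a practitioner should keep in mind: a checksum list hosted on the same server as the installers can be replaced by the same attacker, so the published hashes should be obtained from an independent channel (or replaced by a signature check with a key the server operator does not hold) before the result of this comparison is trusted.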

Regarding the compromise of the Pale Moon server, the browser's author explained:

"The server ran on Windows and was hosted on a virtual machine rented from the provider Frantech/BuyVM."

It is still not clear what kind of vulnerability was exploited, nor whether it was specific to Windows or affected some third-party server application running on the machine.

About the hack

On May 26, 2019, while the attackers were active on the server (it is not known whether they were the same attackers as in the original break-in or different ones), the normal operation of archive.palemoon.org was disrupted: the host could not be restarted and its data was corrupted.

The system logs were lost in the process, and they may have contained further traces indicating the nature of the attack.

At the time of this failure, the administrators were unaware of the compromise. They restored the archive service on a fresh CentOS-based environment and replaced FTP downloads with HTTP.

Since the incident had not been noticed, the already-infected archive files were carried over to the new server.

In analysing the possible causes of the compromise, it is assumed that the attackers may have gained access by obtaining the password of a hosting provider staff account, by gaining physical access to the server, by attacking the hypervisor to take control of other virtual machines, by breaking into the web control panel, or by intercepting a remote desktop session.

Alternatively, the attackers are believed to have used RDP or exploited a vulnerability in Windows Server. The malicious actions were carried out locally on the server, using a script that modified the existing executables in place rather than re-uploading them from outside.

The project's author maintains that only he had administrator access to the system, that access was restricted to a single IP address, and that the Windows operating system was kept up to date and protected against external attacks.

At the same time, the RDP and FTP protocols were used for remote access, and potentially insecure software may have been running on the virtual machine, either of which could have been the cause of the hack.

However, the author of Pale Moon favours the theory that the break-in happened through insufficient protection of the provider's virtual machine infrastructure (by analogy, the OpenSSL website was hacked by guessing an insecure provider password through the standard control panel interface).

