Ó¢¹úÓÊÕþ¹«Ë¾Royal Mail͸¶ÆäÔâµ½LockBitÀÕË÷¹¥»÷

Ðû²¼Ê±¼ä 2023-01-13
1¡¢Ó¢¹úÓÊÕþ¹«Ë¾Royal Mail͸¶ÆäÔâµ½LockBitÀÕË÷¹¥»÷

      

¾ÝýÌå1ÔÂ12ÈÕ±¨µÀ £¬£¬£¬£¬Ó¢¹ú×î´óµÄÓÊÕþЧÀÍRoyal MailÔâµ½ÓëLockBitÀÕË÷Èí¼þÓйصĹ¥»÷¡£¡£¡£1ÔÂ11ÈÕ £¬£¬£¬£¬Royal Mail͸¶³ÆÆäÔâµ½ÁËÍøÂç¹¥»÷ £¬£¬£¬£¬¹ú¼Êº½ÔËЧÀÍÊܵ½ÁËÓ°Ïì¡£¡£¡£ËäÈ»¸Ã¹«Ë¾²¢Î´Í¸Â¶¹ØÓÚ¹¥»÷µÄÈκÎϸ½Ú £¬£¬£¬£¬µ«¡¶ÖðÈÕµçѶ±¨¡·ÔÚ1ÔÂ12ÈÕ±¨µÀ³Æ £¬£¬£¬£¬ÏÖÔÚÒÑÈ·ÈϹ¥»÷À´×ÔLockBit £¬£¬£¬£¬»òÕßÓй¥»÷ÕßʹÓÃÁËËûÃǵļÓÃܳÌÐò¡£¡£¡£¹¥»÷»î¶¯¼ÓÃÜÁ˹ú¼ÊÔËÊäµÄ×°±¸ £¬£¬£¬£¬²¢ÔÚÓÃÓÚº£¹Ø±¸°¸µÄ´òÓ¡»úÉÏ´òÓ¡Êê½ð¼Í¼¡£¡£¡£


https://www.bleepingcomputer.com/news/security/royal-mail-cyberattack-linked-to-lockbit-ransomware-operation/


2¡¢Vice SocietyÉù³Æ¶Ô°Ä´óÀûÑÇÏû·À¶ÓÔâµ½µÄ¹¥»÷ÈÏÕæ

      

ýÌå1ÔÂ12ÈÕ³Æ £¬£¬£¬£¬ÀÕË÷ÍÅ»ïVice SocietyÉù³Æ¶Ô°Ä´óÀûÑÇÏû·À¶Ó(FRVP)Ôâµ½µÄ¹¥»÷ÈÏÕæ¡£¡£¡£¹¥»÷±¬·¢ÔÚ2022Äê12ÔÂ15ÈÕ £¬£¬£¬£¬Ôì³ÉÁËÆÕ±éÇÒÒ»Á¬µÄITЧÀÍÖÐÖ¹ £¬£¬£¬£¬µ«²¢Î´Ó°Ïì¸Ã»ú¹¹µÄÓ¦¼±ÏìӦЧÀÍ¡£¡£¡£±ðµÄ £¬£¬£¬£¬FRVÌåÏÖºÚ¿Í»¹ÇÔÈ¡ÁËÆäÅÌËã»úÖеÄÊý¾Ý £¬£¬£¬£¬°üÀ¨Ô±¹¤¡¢³Ð°üÉÌ¡¢½èµ÷Ö°Ô±ºÍÇóÖ°ÕßµÄÐÅÏ¢¡£¡£¡£1ÔÂ10ÈÕ £¬£¬£¬£¬Vice SocietyÔÚÆäÍøÕ¾ÁгöÁËFRV £¬£¬£¬£¬»¹Ðû²¼ÁËÖ¸Ïò±»µÁÊý¾ÝµÄÁ´½Ó £¬£¬£¬£¬µ«¸ÃÁ´½ÓÏÖÔÚÊÇÎÞЧµÄ¡£¡£¡£×î½ü £¬£¬£¬£¬¹¥»÷ÕßÒѸÄÓÃÒ»ÖÖеÄ×Ô½ç˵¼ÓÃÜÆ÷PolyVice¡£¡£¡£


https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-australian-firefighting-service/


3¡¢GootloaderʹÓÃVLCµÈ¹¤¾ß¹¥»÷°Ä´óÀûÑÇÒ½ÁƱ£½¡ÐÐÒµ

      

Trend MicroÔÚ1ÔÂ9ÈÕÅû¶Á˶ñÒâÈí¼þGootkit Loader£¨ÓÖÃû Gootloader£©Õë¶Ô°Ä´óÀûÑÇÒ½ÁƱ£½¡ÐÐÒµµÄ»î¶¯¡£¡£¡£¹¥»÷ʼÓÚ2022Äê10Ô £¬£¬£¬£¬Ê¹ÓÃÁËSEOÖж¾¾ÙÐгõʼ»á¼û²¢ÀÄÓÃVLCýÌå²¥·ÅÆ÷µÈÕýµ±¹¤¾ß¡£¡£¡£Ñо¿Ö°Ô±·¢Ã÷µÄÑù±¾Ê¹ÓÃÁËÒªº¦´ÊÒ½Ôº¡¢¿µ½¡¡¢Ò½ÁÆºÍÆóҵЭÒé £¬£¬£¬£¬²¢Óë°Ä´óÀûÑǶ¼»áÃû³ÆÅä¶Ô¡£¡£¡£¸Ã»î¶¯Ö¼ÔÚÔÚÄ¿µÄ×°±¸ÉÏ×°ÖÃCobalt Strike¿ª·¢¹¤¾ß°ü £¬£¬£¬£¬ÒÔ±ã½øÈëÆóÒµÍøÂç¡£¡£¡£


https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html


4¡¢Ñо¿Ö°Ô±Åû¶Scattered SpiderÈÆ¹ýÇå¾²¼ì²âµÄÒªÁì

      

¾Ý1ÔÂ10ÈÕ±¨µÀ £¬£¬£¬£¬Scattered SpiderÊÔͼÔÚBYOVD¹¥»÷ÖÐ×°ÖÃÓ¢ÌØ¶ûÒÔÌ«ÍøÕï¶ÏÇý¶¯³ÌÐò £¬£¬£¬£¬À´ÈƹýEDRÇå¾²²úÆ·µÄ¼ì²â¡£¡£¡£CrowdStrike±¨¸æ³Æ £¬£¬£¬£¬¸ÃÍÅ»ïʵÑéʹÓÃÓ¢ÌØ¶ûÒÔÌ«ÍøÕï¶ÏÇý¶¯³ÌÐòÖеÄÒ»¸ö¸ßΣÎó²î£¨CVE-2015-2291£© £¬£¬£¬£¬Ëü¿Éͨ¹ýÌØÖÆÅ²ÓÃÒÔÄÚºËȨÏÞÖ´ÐÐí§Òâ´úÂë¡£¡£¡£Ö»¹ÜËüÒÑÓÚ2015ÄêÐÞ¸´ £¬£¬£¬£¬µ«Í¨¹ýÔÚÄ¿µÄ×°±¸ÖÐÖ²Èë¾É°æ±¾ £¬£¬£¬£¬ÎÞÂÛÄ¿µÄÓ¦ÓÃÁËʲô¸üй¥»÷Õß¶¼¿ÉÒÔʹÓøÃÎó²î¡£¡£¡£¹¥»÷ÕßʹÓõÄÇý¶¯³ÌÐòÊÇÓÉ´ÓNVIDIAºÍGlobal Software LLCµÈÊðÃû»ú¹¹ÇÔÈ¡µÄÖ¤Êé¾ÙÐÐÊðÃû £¬£¬£¬£¬Òò´ËWindows²»»á×èÖ¹Ëü¡£¡£¡£


https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/


5¡¢°ü¹Ü¹«Ë¾AflacÈÕÌìÖ°¹«Ë¾³ÆÆä100¶àÍò¿Í»§µÄÐÅϢй¶

      

ýÌå1ÔÂ11ÈÕ±¨µÀ³Æ £¬£¬£¬£¬°ü¹Ü¹«Ë¾AflacÈÕÌìÖ°¹«Ë¾Í¸Â¶Æä100¶àÍò¿Í»§µÄÐÅϢй¶¡£¡£¡£1ÔÂ9ÈÕ £¬£¬£¬£¬¸Ã¹«Ë¾»ñϤÆä¿Í»§µÄÐÅÏ¢±»Ðû²¼ÔÚÒ»¸öÐÅÏ¢Ð¹Â¶ÍøÕ¾ÉÏ £¬£¬£¬£¬¾­È·ÈÏÊý¾ÝÀ´×ÔÆäµÚÈý·½Ð§ÀÍÌṩÉÌ¡£¡£¡£¸ÃÊÂÎñÓ°ÏìÁ˶©¹ºÓë°©Ö¢Ïà¹ØµÄ°ü¹ÜµÄ1323468¸ö¿Í»§ £¬£¬£¬£¬Êý¾Ý×ÜÊýΪ3158199Ìõ £¬£¬£¬£¬Éæ¼°ÐÕÃû¡¢ÄêËê¡¢ÐԱ𡢱£µ¥ºÅÂë¡¢°ü¹Ü½ð¶îºÍ°ü¹Ü·ÑµÈ¡£¡£¡£Óë´Ëͬʱ £¬£¬£¬£¬ÈðÊ¿°ü¹Ü¹«Ë¾ËÕÀèÊÀÒ²ÈÏ¿ÉÆäÁè¼Ý200ÍòÈÕ±¾¿Í»§µÄÊý¾ÝÒѾ­Ð¹Â¶¡£¡£¡£


https://www.theregister.com/2023/01/11/japan_aflac_zurich_data_breaches/


6¡¢AvastÐû²¼¹ØÓÚNeedleDropperµÄÊÖÒÕÆÊÎö±¨¸æ

      

1ÔÂ11ÈÕ £¬£¬£¬£¬AvastÐû²¼Á˹ØÓÚNeedleDropperµÄÊÖÒÕÆÊÎö±¨¸æ¡£¡£¡£NeedleDropper²»µ«ÊÇÒ»¸ö¼òµ¥µÄ¿ÉÖ´ÐÐÎļþ £¬£¬£¬£¬ËüЯ´ø¶à¸öÎļþ £¬£¬£¬£¬ÕâЩÎļþÒ»Æð½¨Éè¶ñÒâµÄÖ´ÐÐ £¬£¬£¬£¬ÌáÈ¡ÎļþÒÔ½âÃܺÍ×¢Èë¶ñÒâ´úÂë¡£¡£¡£¸Ã¶ñÒâÈí¼þ̫ͨ¹ý·¢¶à¸öδʹÓõÄÎÞЧÎļþÀ´Òþ²Ø×Ô¼º £¬£¬£¬£¬²¢½«Ö÷ÒªÊý¾Ý´æ´¢ÔÚÊýMB²»Ö÷ÒªµÄÊý¾ÝÖ®¼ä £¬£¬£¬£¬»¹Ê¹ÓÃÕýµ±Ó¦ÓÃÀ´Ö´ÐС£¡£¡£NeedleDropperËÆºõÊÇÒ»¸öеĶñÒâÈí¼þϵÁÐ £¬£¬£¬£¬Ê¹Óá°-as-a-service¡±µÄÉÌҵģʽ £¬£¬£¬£¬ÔÚºÚ¿ÍÂÛ̳ÉϳöÊÛ¸øÆäËü¹¥»÷Õß £¬£¬£¬£¬ÒÔÒþ²Ø×îÖÕµÄpayload¡£¡£¡£Avast³Æ £¬£¬£¬£¬×èÖ¹ÏÖÔÚËüÒÑ×èÖ¹ÁËÁè¼Ý30000´Î´ËÀ๥»÷ʵÑé¡£¡£¡£


https://decoded.avast.io/threatresearch/needledropper/