Çå¾²¹«Ë¾LogicMonitor͸¶Æä²¿·Ö¿Í»§Ôâµ½ÍøÂç¹¥»÷

Ðû²¼Ê±¼ä 2023-09-05

1¡¢Çå¾²¹«Ë¾LogicMonitor͸¶Æä²¿·Ö¿Í»§Ôâµ½ÍøÂç¹¥»÷


¾ÝýÌå8ÔÂ31ÈÕ±¨µÀ£¬ £¬£¬£¬£¬£¬£¬ÍøÂçÇå¾²¹«Ë¾LogicMonitor͸¶£¬ £¬£¬£¬£¬£¬£¬ÆäSaaSƽ̨µÄ²¿·ÖÓû§Ôâµ½¹¥»÷¡£¡£¡£¡£ ¡£LogicMonitorÔÚ¸üÐÂÖÐ³ÆÆä·¢Ã÷us-west-2¡¢us-east-1ºÍeu-west-1µÄ²¿·Ö¿Í»§µÄÃÅ»§»á¼ûȨÏÞɥʧ£¬ £¬£¬£¬£¬£¬£¬ÏÖÔÚ¸ÃÎÊÌâÒÑ»ñµÃ½â¾ö¡£¡£¡£¡£ ¡£¹«Ë¾Ã»ÓÐ˵Ã÷ÊÇÀÕË÷¹¥»÷£¬ £¬£¬£¬£¬£¬£¬µ«¾ÝÐÂÎÅÈËÊ¿³Æ£¬ £¬£¬£¬£¬£¬£¬¹¥»÷ÕßÈëÇÖÁ˿ͻ§ÕÊ»§£¬ £¬£¬£¬£¬£¬£¬Äܹ»½¨ÉèÍâµØÕÊ»§²¢×°ÖÃÀÕË÷Èí¼þ¡£¡£¡£¡£ ¡£ÀÕË÷Èí¼þÊÇʹÓÃ¸ÃÆ½Ì¨µÄÍâµØLogicMonitor Collector´«¸ÐÆ÷°²Åŵģ¬ £¬£¬£¬£¬£¬£¬´Ë´«¸ÐÆ÷¼à¿ØÓû§»ù´¡ÉèÊ©£¬ £¬£¬£¬£¬£¬£¬µ«Ò²¾ßÓо籾¹¦Ð§¡£¡£¡£¡£ ¡£¾ÝϤ£¬ £¬£¬£¬£¬£¬£¬ÊÜÓ°Ïì¿Í»§Ê¹ÓÃÁËLogicMonitor·ÖÅɸøÐÂÓû§µÄĬÈÏÈõÃÜÂ룬 £¬£¬£¬£¬£¬£¬Òò¶øÔâµ½Á˹¥»÷¡£¡£¡£¡£ ¡£


https://www.bleepingcomputer.com/news/security/logicmonitor-customers-hacked-in-reported-ransomware-attacks/


2¡¢°ü¹Ü¹«Ë¾Trygg-Hansaй¶65Íò¿Í»§Êý¾Ý±»·£¿£¿£¿£¿î300ÍòÃÀÔª


9ÔÂ4ÈÕýÌ峯£¬ £¬£¬£¬£¬£¬£¬°ü¹Ü¹«Ë¾Trygg-HansaÒòй¶65Íò¿Í»§µÄÊý¾Ý£¬ £¬£¬£¬£¬£¬£¬±»ÈðµäÒþ˽±£»£»£»£»£» £»£»¤¾Ö(IMY)·£¿£¿£¿£¿î300ÍòÃÀÔª¡£¡£¡£¡£ ¡£Moderna F?rs?kringar£¨ÏÖΪTrygg-HansaµÄÒ»²¿·Ö£©µÄ¿Í»§·¢Ã÷¿Éͨ¹ý·¢Ë͸ø¿Í»§µÄ±¨¼ÛÒ³ÃæÉϵÄÁ´½Ó½øÈë°ü¹Ü¹«Ë¾µÄºǫ́£¬ £¬£¬£¬£¬£¬£¬²¢ÏòIMY¾Ù±¨ÁË´ËÊ¡£¡£¡£¡£ ¡£IMYÊÓ²ìÈ·ÈÏ£¬ £¬£¬£¬£¬£¬£¬ÎÞÐèÉí·ÝÑéÖ¤¼´¿É»á¼ûºó¶ËÊý¾Ý¿â£¬ £¬£¬£¬£¬£¬£¬²¢ÇÒ¿ÉÒÔͨ¹ýÐÞ¸ÄURLÖеÄÒ»Á¬¿Í»§¶ËIDÀ´ä¯ÀÀÆäËûСÎÒ˽¼ÒµÄÎĵµ¡£¡£¡£¡£ ¡£¸ÃÊÂÎñÓ°ÏìÔ¼ÁË650000Ãû¿Í»§£¬ £¬£¬£¬£¬£¬£¬Ð¹Â¶Ê±¼ä³¤´ïÁ½Äê¶à£¬ £¬£¬£¬£¬£¬£¬´Ó2018Äê10ÔÂÖÁ2021Äê2Ô¡£¡£¡£¡£ ¡£IMYÌåÏÖ£¬ £¬£¬£¬£¬£¬£¬ÔÚÊÕµ½ÓйØÎó²îµÄ±¨¸æºó¸Ã¹«Ë¾Ê¼ÖÕδÄܽâ¾öÎÊÌ⣬ £¬£¬£¬£¬£¬£¬¾öÒé¶Ô´Ë´¦ÒÔ300ÍòÃÀÔªÐÐÕþ´¦·Ö¡£¡£¡£¡£ ¡£


https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/


3¡¢Interlab·¢Ã÷ʹÓÃľÂíSuperBearÕë¶Ôº«¹úµÄ¹¥»÷»î¶¯


InterlabÔÚ9ÔÂ1ÈÕ³ÆÆä·¢Ã÷ÁËÕë¶Ôº«¹úÃñ¼äÕûÌåµÄ´¹ÂÚ¹¥»÷£¬ £¬£¬£¬£¬£¬£¬Ê¹ÓÃÁËÐÂÐÍRAT SuperBear¡£¡£¡£¡£ ¡£¾ÝϤ£¬ £¬£¬£¬£¬£¬£¬Ò»ÃûÐÂÎÅÊÂÇéÕßÊÕµ½ÓÐÕë¶ÔÐԵĴ¹ÂÚÓʼþ£¬ £¬£¬£¬£¬£¬£¬ÆäÖаüÀ¨¶ñÒâLNKÎļþ¡£¡£¡£¡£ ¡£LNKÎļþ»áÆô¶¯PowerShellÏÂÁîÀ´Ö´ÐÐVB¾ç±¾£¬ £¬£¬£¬£¬£¬£¬¸Ã¾ç±¾ÓÖ»á´ÓWordPressÍøÕ¾»ñÈ¡ÏÂÒ»½×¶Îpayload£¬ £¬£¬£¬£¬£¬£¬°üÀ¨Ò»¸öAutoit3.exe¶þ½øÖÆÎļþºÍÒ»¸öAutoIt¾ç±¾¡£¡£¡£¡£ ¡£AutoIt¾ç±¾Ê¹ÓÃÀú³ÌÆÓªÊÖÒÕÖ´ÐÐÀú³Ì×¢È룬 £¬£¬£¬£¬£¬£¬ÔÚÕâÖÖÇéÐÎÏ£¬ £¬£¬£¬£¬£¬£¬»áÌìÉúÒ»¸öExplorer.exeʵÀýÀ´×¢ÈëSuperBear¡£¡£¡£¡£ ¡£¸ÃRAT¿ÉÇÔÈ¡Êý¾Ý£¬ £¬£¬£¬£¬£¬£¬ÏÂÔØ²¢ÔËÐÐÆäËüshellÏÂÁîºÍ¶¯Ì¬Á´½Ó¿â(DDL)¡£¡£¡£¡£ ¡£


https://interlab.or.kr/archives/19416


4¡¢Labyrinth ChollimaÊǽüÆÚVMConnect¹¥»÷µÄÄ»ºóºÚÊÖ


¾Ý8ÔÂ31ÈÕ±¨µÀ£¬ £¬£¬£¬£¬£¬£¬ReversingLabs½«VMConnect»î¶¯ÓëLazarusµÄ×ÓÍÅ»ïLabyrinth ChollimaÁªÏµÆðÀ´¡£¡£¡£¡£ ¡£8Ô³õ£¬ £¬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±·¢Ã÷ÁËÒ»¸ö¶ñÒ⹩ӦÁ´»î¶¯¡°VMConnect¡±£¬ £¬£¬£¬£¬£¬£¬ÏòPyPI´æ´¢¿âÉÏ´«ÁËÁ½´ò¶ñÒâPython°ü¡£¡£¡£¡£ ¡£ÏÖÔÚÓÖ·¢Ã÷ÁËÁíÍâÈý¸ö¶ñÒâ°ü£¬ £¬£¬£¬£¬£¬£¬tablediter¡¢request-plusºÍrequestspro£¬ £¬£¬£¬£¬£¬£¬ËüÃDZ»ÒÔΪÊÇVMConnect»î¶¯µÄ¼ÌÐø¡£¡£¡£¡£ ¡£Ñо¿Ö°Ô±½«Æä¹éÒòÓÚLabyrinth ChollimaÊÇ»ùÓÚÕâЩ»î¶¯ÖÐʹÓõĶñÒâ´úÂëµÄÏàËÆÐÔ¡£¡£¡£¡£ ¡£


https://securityaffairs.com/150197/apt/labyrinth-chollima-pypi-supply-chain-attacks.html


5¡¢Group-IBÐû²¼¹ØÓÚClassiscam¹¥»÷»î¶¯µÄÆÊÎö±¨¸æ


8ÔÂ31ÈÕ£¬ £¬£¬£¬£¬£¬£¬Group-IBÐû²¼Á˹ØÓÚClassiscamÔÚÈ«Çò¹æÄ£ÄÚ¹¥»÷»î¶¯µÄÆÊÎö±¨¸æ¡£¡£¡£¡£ ¡£±¨¸æ³Æ£¬ £¬£¬£¬£¬£¬£¬Classiscamͨ¹ýÓÕÆ­·ÖÀà¹ã¸æÍøÕ¾Óû§²¢ÇÔÈ¡ËûÃǵÄ×ʽðºÍÖ§¸¶¿¨ÏêϸÐÅÏ¢£¬ £¬£¬£¬£¬£¬£¬ÒÑ׬ȡÁË6450ÍòÃÀÔª¡£¡£¡£¡£ ¡£Ä¿µÄÆ·ÅÆµÄÊýĿҲ´ÓÈ¥ÄêµÄ169¸öÔöÌíµ½251¸ö£¬ £¬£¬£¬£¬£¬£¬ÏÖÔÚÓÐ393¸ö¹¥»÷ÍÅ»ïÕë¶Ô79¸ö¹ú¼ÒµÄÓû§£¬ £¬£¬£¬£¬£¬£¬ÓÐ1366¸öTelegramƵµÀ¾ÙÐÐЭµ÷¡£¡£¡£¡£ ¡£Å·ÖÞÔâµ½µÄ¹¥»÷×î¶à£¬ £¬£¬£¬£¬£¬£¬ÆäÖе¹ú±»¹¥»÷Óû§×î¶à£¬ £¬£¬£¬£¬£¬£¬Æä´ÎÊDz¨À¼¡¢Î÷°àÑÀ¡¢Òâ´óÀûºÍÂÞÂíÄáÑÇ¡£¡£¡£¡£ ¡£Ó¢¹úÓû§µÄƽ¾ùËðʧ½ð¶î×î¸ß£¬ £¬£¬£¬£¬£¬£¬Îª865ÃÀÔª£¬ £¬£¬£¬£¬£¬£¬¶øÈ«Çòƽ¾ùˮƽΪ353ÃÀÔª¡£¡£¡£¡£ ¡£


https://www.group-ib.com/blog/classiscam-2023/


6¡¢FortiGuardÐû²¼¹ØÓÚÀÕË÷Èí¼þRhysidaµÄ×ÛÊö±¨¸æ


8ÔÂ31ÈÕ£¬ £¬£¬£¬£¬£¬£¬FortiGuardÐû²¼Á˹ØÓÚÀÕË÷Èí¼þRhysidaµÄ×ÛÊö±¨¸æ¡£¡£¡£¡£ ¡£RhysidaÊÇÒ»¸öеÄÀÕË÷ÍŻ £¬£¬£¬£¬£¬£¬ËüʹÓÃRaaSÄ£×Ó£¬ £¬£¬£¬£¬£¬£¬µÚÒ»¸öÑù±¾ÓÚ5ÔÂÌá½»µ½¹«¹²ÎļþɨÃèЧÀÍ¡£¡£¡£¡£ ¡£RhysidaÒÀÀµ´¹ÂÚ¹¥»÷×÷ÎªÑ¬È¾ÔØÌ壬 £¬£¬£¬£¬£¬£¬¹¥»÷Õß»¹Ê¹ÓÃCobalt StrikeÔÚÄ¿µÄÍøÂçÄÚºáÏòÒÆ¶¯²¢×ª´ïpayload¡£¡£¡£¡£ ¡£¸ÃÍÅ»ïÒÑÁгö41¸ö±»¹¥»÷Ä¿µÄ£¬ £¬£¬£¬£¬£¬£¬ÆäÖÐÁè¼ÝÒ»°ëλÓÚÅ·ÖÞ£¬ £¬£¬£¬£¬£¬£¬Æä´ÎÊDZ±ÃÀ¡£¡£¡£¡£ ¡£¹¥»÷Ö÷ÒªÕë¶Ô½ÌÓýÐÐÒµ£¨Õ¼±È30%ÒÔÉÏ£©£¬ £¬£¬£¬£¬£¬£¬Æä´ÎÊÇÖÆÔìÒµ¡¢Õþ¸®»ú¹¹ºÍITÐÐÒµ¡£¡£¡£¡£ ¡£


https://www.fortinet.com/blog/threat-research/ransomware-roundup-rhysida