¼ÓÄô󺽿յÄϵͳ±»ÈëÇÖ²¿·ÖÔ±¹¤µÄСÎÒ˽¼ÒÐÅϢй¶
Ðû²¼Ê±¼ä 2023-09-251¡¢¼ÓÄô󺽿յÄϵͳ±»ÈëÇÖ²¿·ÖÔ±¹¤µÄСÎÒ˽¼ÒÐÅϢй¶
¾ÝýÌå9ÔÂ21ÈÕ±¨µÀ£¬£¬£¬¼ÓÄô󺽿ÕÅû¶ÁËÒ»ÆðÇå¾²ÊÂÎñ£¬£¬£¬ÆäÖкڿ͡°¶ÌÔݵء±»ñµÃÁËÆäÄÚ²¿ÏµÍ³µÄ»á¼ûȨÏÞ¡£¡£¡£¡£¡£¡£¡£¾ÝϤ£¬£¬£¬´Ë´ÎÊÂÎñµ¼ÖÂÔ±¹¤µÄСÎÒ˽¼ÒÐÅÏ¢ºÍ²¿·Ö¼Í¼й¶¡£¡£¡£¡£¡£¡£¡£¿ÉÊǺ½°àÔËӪϵͳºÍÃæÏò¿Í»§µÄϵͳûÓÐÊܵ½Ó°Ï죬£¬£¬¿Í»§ÐÅϢҲûÓб»»á¼û¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ£¬£¬£¬ËùÓÐϵͳ¾ùÒÑÖÜÈ«ÔËÐС£¡£¡£¡£¡£¡£¡£²»¾Ãǰ£¬£¬£¬ÒòÔâµ½DDoS¹¥»÷£¬£¬£¬¼ÓÄôóÌìϸ÷µØµÄÁìÍÁ¼ì²éÕ¾Öµ»úͤµÄÅÌËã»ú·ºÆð¹ÊÕÏ£¬£¬£¬µ¼ÖÂÈë¾³ÓοͰìÀíÊÖÐøµÄËÙÂÊÂýÁËÒ»¸ö¶àСʱ¡£¡£¡£¡£¡£¡£¡£
https://therecord.media/air-canada-limited-employee-info-accessed
2¡¢ALPHV³Æ¶Ô³µÔØÒôÏìÖÆÔìÉÌClarionÔâµ½µÄ¹¥»÷ÈÏÕæ
¾Ý9ÔÂ24ÈÕ±¨µÀ£¬£¬£¬AlphvÉù³ÆÈëÇÖÁËÒôƵºÍ¶àýÌå×°±¸µÄÈ«ÇòÖÆÔìÉÌClarion¡£¡£¡£¡£¡£¡£¡£¸Ã¹«Ë¾¿ª·¢¡¢ÖÆÔìºÍÏúÊÛÖݪֲúÆ·£¬£¬£¬°üÀ¨Æû³µµ¼º½ÏµÍ³¡¢ÒôƵϵͳ¡¢ÊÓÆµÏµÍ³ºÍºóÊÓÉãÏñÍ·¡£¡£¡£¡£¡£¡£¡£AlphvÔÚ9ÔÂ23ÈÕ½«ClarionÌí¼Óµ½ÆäTorÍøÕ¾ÖУ¬£¬£¬³ÆÓйØÓªÒµºÍÏàÖúͬ°éµÄÉñÃØÒѾÊý¾Ýй¶¡£¡£¡£¡£¡£¡£¡£¸ÃÍŻﻹÌåÏÖÆä»ñµÃÁ˿ͻ§Êý¾Ý£¬£¬£¬²¢ÍþвÔÚ9ÔÂ25ÈÕ֮ǰ½«ÕâЩÊý¾Ý³öÊÛ¸øµÚÈý·½¡£¡£¡£¡£¡£¡£¡£ºÚ¿ÍÐû²¼ÁËһЩ±»µÁÎļþµÄ½ØÍ¼×÷Ϊ¹¥»÷µÄÖ¤¾Ý¡£¡£¡£¡£¡£¡£¡£
https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html
3¡¢SandmanÍÅ»ïʹÓÃкóÃÅLuaDreamÖ÷ÒªÕë¶ÔµçÐÅÌṩÉÌ
9ÔÂ21ÈÕ£¬£¬£¬SentinelLabs³ÆSandmanʹÓÃÄ£¿£¿£¿£¿£¿é»¯ÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þLuaDream¹¥»÷µçÐÅЧÀÍÌṩÉÌ¡£¡£¡£¡£¡£¡£¡£¸Ã»î¶¯ÓÚ8Ô·ݱ»·¢Ã÷£¬£¬£¬Ö÷ÒªÕë¶ÔÖж«¡¢Î÷Å·ºÍÄÏÑÇ¡£¡£¡£¡£¡£¡£¡£SandmanʹÓÃLuaJITƽ̨°²ÅÅÁËÐÂÐͺóÃÅLuaDream£¬£¬£¬¸ÃºóÃÅÓÉ34¸ö×é¼þ×é³É£¬£¬£¬°üÀ¨13¸ö½¹µã×é¼þºÍ21¸öÖ§³Ö×é¼þ£¬£¬£¬ËüÃÇͨ¹ýffi¿âʹÓÃLuaJIT×Ö½ÚÂëºÍWindows API¡£¡£¡£¡£¡£¡£¡£¸Ã¶ñÒâÈí¼þµÄ¿ª·¢ËƺõºÜ»îÔ¾£¬£¬£¬°æ±¾ºÅΪ"12.0.2.5.23.29"£¬£¬£¬×îÔç¿É×·Ëݵ½2022Äê6Ô¡£¡£¡£¡£¡£¡£¡£
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
4¡¢Áè¼Ý200ÍòÃû°Í»ù˹̹¹«ÃñµÄСÎÒ˽¼ÒÐÅÏ¢±»ºÚ¿Í³öÊÛ
9ÔÂ21ÈÕ±¨µÀ³Æ£¬£¬£¬ºÚ¿ÍÈëÇÖÁ˰ͻù˹̹Êý°Ù¼Ò²ÍÌüʹÓõÄ˽È˹«Ë¾ÖÆÔìµÄÊý¾Ý¿â£¬£¬£¬µ¼ÖÂÁè¼Ý200Íò¹«ÃñÃæÁÙ×ÅСÎÒ˽¼ÒÐÅϢй¶µÄΣº¦¡£¡£¡£¡£¡£¡£¡£¸ÃÊÂÎñÓ°ÏìÁ˲ÍÌüµÄ¿Í»§£¬£¬£¬Ð¹Â¶ÁËÐÅÓÿ¨¡¢µØµãºÍÒøÐÐÏêϸÐÅÏ¢µÈÊý¾Ý¡£¡£¡£¡£¡£¡£¡£ºÚ¿ÍÕýÔÚÒÔ2±ÈÌØ±ÒµÄ¼ÛÇ®³öÊÛ±»µÁÊý¾Ý¡£¡£¡£¡£¡£¡£¡£ºÚ¿ÍÔÚµãÃûij¶¥¼¶²ÍÌüʱ͸¶£¬£¬£¬ËûÃÇÒÑÈëÇÖÁË250¶à¼Ò²ÍÌüµÄÊý¾Ý¿â¡£¡£¡£¡£¡£¡£¡£ÁíÒ»·½Ã棬£¬£¬Áª°îÊÓ²ìÖ°Ô±ÌåÏÖ£¬£¬£¬ËûÃÇûÓÐÊÕµ½Õâ·½ÃæµÄͶËß¡£¡£¡£¡£¡£¡£¡£
https://en.dailypakistan.com.pk/21-Sep-2023/hackers-put-over-2-million-pakistanis-private-data-for-sale-after-restaurant-software-breach
5¡¢Unit 42Åû¶GelsemiumÕë¶Ô¶«ÄÏÑÇ»ú¹¹µÄ¹¥»÷»î¶¯
Unit 42ÔÚ9ÔÂ22ÈÕÅû¶ÁËGelsemiumÕë¶Ô¶«ÄÏÑÇÕþ¸®»ú¹¹µÄ¹¥»÷»î¶¯¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÔÚ±»Ñ¬È¾µÄWebЧÀÍÆ÷ÉÏ×°ÖÃÁ˶à¸öWeb shellÀ´»ñµÃϵͳ»á¼ûȨÏÞ£¬£¬£¬°üÀ¨¹ûÕæ¿ÉÓõÄreGeorg¡¢China ChopperºÍAspxSpy¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÓÃÓÚºáÏòÒÆ¶¯¡¢Êý¾ÝÍøÂçºÍÌáȨµÄ¹¤¾ß°üÀ¨OwlProxy¡¢SessionManager¡¢Cobalt Strike¡¢SpoolFoolºÍEarthWorm¡£¡£¡£¡£¡£¡£¡£Ñо¿Ö°Ô±Í¨¹ýOwlProxyºÍSessionManagerÍÆ¶Ï´Ë´Î¹¥»÷»î¶¯ÓëGelsemiumÓйء£¡£¡£¡£¡£¡£¡£
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/
6¡¢ESET³ÆStealth FalconʹÓÃDeadglyph¹¥»÷Öж«µÄʵÌå
9ÔÂ22ÈÕ£¬£¬£¬ESETÐû²¼±¨¸æ³ÆStealth FalconʹÓÃDeadglyph¹¥»÷Öж«µÄʵÌå¡£¡£¡£¡£¡£¡£¡£DeadglyphµÄ¼Ü¹¹Óɶà¸öÐ×÷×é¼þ×é³É£¬£¬£¬°üÀ¨ÍâµØx64¶þ½øÖÆ×é¼þºÍ.NET³ÌÐò¼¯¡£¡£¡£¡£¡£¡£¡£Óë½öʹÓÃÒ»ÖÖ±à³ÌÓïÑÔ¿ª·¢µÄ³£¼û¶ñÒâÈí¼þ²î±ð£¬£¬£¬DeadglyphʹÓÃÁ˲î±ðµÄÓïÑÔ¡£¡£¡£¡£¡£¡£¡£¸Ã¶ñÒâÈí¼þÒÔ¸½¼ÓÄ£¿£¿£¿£¿£¿éµÄÐÎʽ´ÓC2¶¯Ì¬ÎüÊÕÏÂÁ£¬£¬»¹Ö§³Ö¶àÖÖÈÆ¹ý¹¦Ð§¡£¡£¡£¡£¡£¡£¡£¸Ã±¨¸æÆÊÎöµÄÊÇÕë¶ÔÖж«Ä³Õþ¸®ÊµÌåµÄ¹¥»÷£¬£¬£¬ÉÐδȷ¶¨ºóÃŵÄÏêϸÈö²¥·½·¨¡£¡£¡£¡£¡£¡£¡£
https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/