Lazarus ºÚ¿ÍʹÓà Windows 0-Day »ñÈ¡ÄÚºËȨÏÞ
Ðû²¼Ê±¼ä 2024-03-012ÔÂ29ÈÕ£¬£¬£¬ÖøÃûµÄÍøÂç·¸·¨×éÖ¯ Lazarus Group ×î½üʹÓà Windows ÖеÄÁãÈÕÎó²î»ñÈ¡ÄÚºËȨÏÞ£¬£¬£¬ÕâÊÇϵͳ»á¼ûµÄÒªº¦¼¶±ð¡£¡£¡£¸ÃÎó²î±»Ê¶±ðΪ CVE-2024-21338£¬£¬£¬ÊÇÔÚ appid.Sys AppLocker Çý¶¯³ÌÐòÖз¢Ã÷µÄ£¬£¬£¬Î¢ÈíÆ¾Ö¤ Avast Threat Labs µÄ±¨¸æÔÚÖÙ´º²¹¶¡ÐÇÆÚ¶þ¸üÐÂÖÐÐÞ¸´Á˸ÃÎó²î¡£¡£¡£¸ÃÎó²îÔÊÐí Lazarus Group ½¨ÉèÄں˶Á/дÔÓ£¬£¬ÕâÊÇʹÓòÙ×÷ϵͳÄÚºËÄÚ´æµÄ»ù±¾¹¦Ð§¡£¡£¡£´Ë¹¦Ð§ÓÃÓÚ¸üÐÂËûÃÇµÄ FudModule rootkit£¬£¬£¬ÔöÇ¿Æä¹¦Ð§ºÍÒþ²ØÐÔ¡£¡£¡£Rootkit ÏÖÔÚ°üÀ¨ÓÃÓÚ²Ù×÷¾ä±ú±íÌõÄ¿µÄÐÂÊÖÒÕ£¬£¬£¬ÕâЩÊÖÒÕ¿ÉÄÜ»á×ÌÈÅÊÜ Microsoft Protected Process Light (PPL) ±£»£»£»£»¤µÄÀú³Ì£¬£¬£¬ÀýÈçÊôÓÚ Microsoft Defender¡¢CrowdStrike Falcon ºÍ HitmanPro µÄÀú³Ì¡£¡£¡£CVE-2024-21338ÊÇ Windows Çý¶¯³ÌÐòÖз¢Ã÷µÄÎó²îµÄÃû³Æ¡£¡£¡£¹ØÓÚºÚ¿ÍÀ´Ëµ£¬£¬£¬ËüÊÇÒ»¸öºÜºÃµÄÄ¿µÄ£¬£¬£¬ÓÉÓÚËüºÜÈÝÒ×ÓÃÓÚ¹¥»÷£¬£¬£¬²¢ÇÒËüÊÇϵͳµÄÒ»²¿·Ö£¬£¬£¬Òò´ËËûÃDz»ÐèÒªÌí¼ÓÈκοÉÒÔ¼ì²âµ½µÄÐÂÄÚÈÝ¡£¡£¡£
https://gbhackers.com/lazarus-hackers-exploited-windows-0-day/
2. ÖÆÒ©¾ÞÍ· Cencora ±¨¸æ³ÆÆäÔâµ½ÍøÂç¹¥»÷
2ÔÂ28ÈÕ£¬£¬£¬Cencora, Inc.£¨ÒÔϼò³Æ¡°¹«Ë¾¡±£©»ñϤÆäÐÅϢϵͳÖеÄÊý¾ÝÒѱ»Ð¹Â¶£¬£¬£¬ÆäÖв¿·ÖÊý¾Ý¿ÉÄܰüÀ¨Ð¡ÎÒ˽¼ÒÐÅÏ¢¡£¡£¡£ÔÚÆðÔ´·¢Ã÷δ¾ÊÚȨµÄ¹¥»÷»î¶¯ºó£¬£¬£¬¹«Ë¾Á¬Ã¦½ÓÄÉ×èÖ¹²½·¥£¬£¬£¬²¢ÔÚÖ´·¨²¿·Ö¡¢ÍøÂçÇ徲ר¼ÒºÍÍⲿÕÕÁϵÄÐÖúÏÂ×îÏÈÊӲ졣¡£¡£×èÖ¹±¾Í¨¸æÐû²¼Ö®ÈÕ£¬£¬£¬¸ÃÊÂÎñÉÐδ¶Ô¹«Ë¾ÔËÓª±¬·¢ÖØ´óÓ°Ï죬£¬£¬ÆäÐÅϢϵͳÈÔÔÚÔËÐС£¡£¡£¹«Ë¾ÉÐδȷ¶¨¸ÃÊÂÎñÊÇ·ñºÏÀí¿ÉÄܶԹ«Ë¾µÄ²ÆÎñ״̬»òı»®Òµ¼¨±¬·¢ÖØ´óÓ°Ïì¡£¡£¡£¾ÝThe Record±¨µÀ£¬£¬£¬Cencora ÒÔǰ³ÆÎª AmerisourceBergen¡£¡£¡£AmerisourceBergen ¹«Ë¾ËƺõÂÄÀúÁË Lorenz ÀÕË÷Èí¼þ×éÖ¯ÓÚ 2023 Äê 1 ÔÂÉù³ÆµÄÀÕË÷Èí¼þ¹¥»÷£¬£¬£¬²¢ÇÒËÆºõÓ°ÏìÁË MWI Animal Health¡£¡£¡£DataBreaches Éв»ÇåÎú 2022 ÄêËê¼þÓë×î½üµÄ±¨¸æÖ®¼äÊÇ·ñÓÐÈκÎÁªÏµ¡£¡£¡£
https://www.databreaches.net/pharmaceutical-giant-cencora-reports-cyberattack/
3. Rhysida ÀÕË÷ÍŻ﹥»÷Lurie²¢ÀÕË÷ 360 ÍòÃÀÔª
2ÔÂ28ÈÕ£¬£¬£¬Rhysida ÀÕË÷Èí¼þÍÅ»ïÉù³Æ¶Ô±¾Ô³õÕë¶ÔÖ¥¼Ó¸ç¬Àï¶ùͯҽԺµÄÍøÂç¹¥»÷ÈÏÕæ¡£¡£¡£Lurie ÊÇÃÀ¹úÁìÏȵĶù¿Æ¼±Ö¢Õչ˻¤Ê¿»ú¹¹£¬£¬£¬Ã¿ÄêΪÁè¼Ý 200,000 Ãû¶ùͯÌṩÕչ˻¤Ê¿¡£¡£¡£ÍøÂç¹¥»÷ÆÈʹҽÁƱ£½¡ÌṩÉÌ¹Ø±ÕÆä IT ϵͳ£¬£¬£¬²¢ÔÚijЩÇéÐÎÏÂÍÆ³ÙÒ½ÁÆÕչ˻¤Ê¿¡£¡£¡£µç×ÓÓʼþ¡¢µç»°¡¢MyChart »á¼ûºÍÍâµØ»¥ÁªÍø¾ùÊܵ½Ó°Ïì¡£¡£¡£³¬Éù²¨ºÍ CT ɨÃèЧ¹ûÎÞ·¨»ñµÃ£¬£¬£¬»¼ÕßЧÀÍÓÅÏÈϵͳ±»×÷·Ï£¬£¬£¬Ò½Éú±»ÆÈ¸ÄÓñʺÍÖ½¿ª´¦·½¡£¡£¡£Rhysida ÀÕË÷Èí¼þÍÅ»ïÒѽ« Lurie Children¡¯s Ò½ÔºÁÐÈëÆä°µÍøÉϵÄÀÕË÷ÃÅ»§ÍøÕ¾£¬£¬£¬Éù³Æ´Ó¸ÃÒ½ÔºÇÔÈ¡ÁË 600 GB µÄÊý¾Ý¡£¡£¡£Æ¾Ö¤Lurie Children's ÓÚ 2024 Äê 2 Ô 22 ÈÕÐû²¼µÄ×îÐÂ״̬¸üУ¬£¬£¬»Ö¸´ IT ϵͳµÄÊÂÇéÕýÔÚ¾ÙÐÐÖУ¬£¬£¬Ð§ÀÍÖÐÖ¹ÈÔȻӰÏìһЩÔËÓª²¿·Ö¡£¡£¡£
https://www.bleepingcomputer.com/news/security/rhysida-ransomware-wants-36-million-for-childrens-stolen-data/
4. Anycubic 3D´òÓ¡»úÔÚÈ«Çò¹æÄ£ÄÚÔâµ½ºÚ¿Í¹¥»÷
2ÔÂ28ÈÕ£¬£¬£¬Æ¾Ö¤ Anycubic ¿Í»§µÄÒ»²¨ÔÚÏß±¨¸æ£¬£¬£¬ÓÐÈËÈëÇÖÁËËûÃÇµÄ 3D ´òÓ¡»ú£¬£¬£¬²¢ÖÒÑÔÕâЩװ±¸ÃæÁÙ¹¥»÷¡£¡£¡£´ËÊÂÎñ±³ºóµÄÈËÔÚÆä×°±¸ÖÐÌí¼ÓÁË hacked_machine_readme.gcode Îļþ£¨¸ÃÎļþͨ³£°üÀ¨ 3D ´òÓ¡Ö¸Á£¬£¬£¬ÌáÐÑÊÜÓ°ÏìµÄÓû§ËûÃǵĴòÓ¡»úÊܵ½ÑÏÖØÇå¾²¹ýʧµÄÓ°Ïì¡£¡£¡£¾Ý³Æ£¬£¬£¬´ËÎó²îʹDZÔÚ¹¥»÷ÕßÄܹ»Ê¹Óøù«Ë¾µÄ MQTT ЧÀÍ API ¿ØÖÆÈκÎÊÜ´ËÎó²îÓ°ÏìµÄ Anycubic 3D ´òÓ¡»ú¡£¡£¡£ÊÜÓ°Ïì×°±¸ÊÕµ½µÄÎļþ»¹ÒªÇó Anycubic ¿ªÔ´Æä 3D ´òÓ¡»ú£¬£¬£¬ÔÚÓû§±¨¸æ 3D ´òÓ¡»úÏÔʾ¡°±»ºÚ¡±ÐÂÎÅ×îÏÈ·ºÆðºó£¬£¬£¬ AnycubicÓ¦ÓóÌÐòÒ²×èÖ¹ÁËÊÂÇé¡£¡£¡£ÕýÈçTechCrunchÊ״ᨵÀµÄÄÇÑù£¬£¬£¬ÊµÑéµÇ¼µÄÓû§»á¿´µ½¡°ÍøÂç²»¿ÉÓá±¹ýʧÐÂÎÅ¡£¡£¡£
https://www.bleepingcomputer.com/news/security/anycubic-3d-printers-hacked-worldwide-to-expose-security-flaw/
5. ÓëÒÁÀÊÓÐ¹ØµÄ UNC1549 ºÚ¿ÍÃé×¼Öж«º½¿Õº½ÌìºÍ¹ú·À²¿·Ö
2ÔÂ28ÈÕ£¬£¬£¬¹È¸èÆìÏ嵀 Mandiant ÔÚÒ»·ÝÐÂÆÊÎöÖÐÌåÏÖ£¬£¬£¬ÍøÂçÌØ¹¤»î¶¯µÄÆäËûÄ¿µÄ¿ÉÄܰüÀ¨ÍÁ¶úÆä¡¢Ó¡¶ÈºÍ°¢¶û°ÍÄáÑÇ¡£¡£¡£ÕâЩ¹¥»÷ÐèҪʹÓà Microsoft Azure ÔÆ»ù´¡ÉèÊ©¾ÙÐÐÏÂÁîÓë¿ØÖÆ (C2) ºÍÉæ¼°ÓëÊÂÇéÏà¹ØµÄÓÕ»óµÄÉç»á¹¤³Ì£¬£¬£¬ÒÔÌṩÁ½¸öÃûΪ MINIBIKE ºÍ MINIBUS µÄºóÃÅ¡£¡£¡£Óã²æÊ½ÍøÂç´¹ÂÚµç×ÓÓʼþÖ¼ÔÚÈö²¥°üÀ¨ÒÔÉ«ÁйþÂí˹Ïà¹ØÄÚÈÝ»òÐéαÊÂÇéʱ»úµÄÐéÎ±ÍøÕ¾Á´½Ó£¬£¬£¬´Ó¶øµ¼Ö°²ÅŶñÒâ¸ºÔØ¡£¡£¡£»£»£»£»¹ÊӲ쵽ģÄâÖÁ¹«Ë¾µÄÐéαµÇÂ¼Ò³ÃæÒÔ»ñȡƾ֤¡£¡£¡£×Ô½ç˵ºóÃÅÔÚ½¨Éè C2 »á¼ûºó£¬£¬£¬³äµ±Çé±¨ÍøÂçºÍ½øÒ»²½»á¼ûÄ¿µÄÍøÂçµÄÇþµÀ¡£¡£¡£´Ë½×¶Î°²ÅŵÄÁíÒ»¸ö¹¤¾ßÊÇÃûΪ LIGHTRAIL µÄËíµÀÈí¼þ£¬£¬£¬ËüʹÓà Azure ÔÆ¾ÙÐÐͨѶ¡£¡£¡£´Ë´Î¹¥»÷»î¶¯Öа²ÅŵĹæ±ÜÒªÁ죬£¬£¬¼´Á¿Éí¶¨ÖÆµÄÒÔÊÂÇéΪÖ÷ÌâµÄÓÕ¶üÓë C2 ÔÆ»ù´¡ÉèÊ©µÄʹÓÃÏàÁ¬Ïµ£¬£¬£¬¿ÉÄÜ»áÈÃÍøÂç·ÀÓùÕßÄÑÒÔÔ¤·À¡¢¼ì²âºÍ¼õÇáÕâÖֻ¡£¡£¡£
https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html
6. ÀÕË÷Èí¼þÍÅ»ïÉù³ÆÇÔÈ¡½ü 200GB µÄ Epic Games ÄÚ²¿Êý¾Ý
2ÔÂ28ÈÕ£¬£¬£¬¾Ý±¨µÀ£¬£¬£¬¸ÃÍÅ»ïÃûΪ Mogilevich£¬£¬£¬ÔÚÆä°µÍøÐ¹ÃÜÍøÕ¾ÉÏÐû²¼ÁËÒ»ÌõÐÂÎÅ£¬£¬£¬ÌṩÁËÓÐ¹ØÆäÉù³ÆµÄ¡¶±¤ÀÝÖ®Ò¹¡·ºÍEpic Games Store¹«Ë¾Ð¹ÃÜÊÂÎñµÄ¸ü¶àÐÅÏ¢¡£¡£¡£»£»£»£»¹Éù³ÆÒѾй¶ÁË¡°µç×ÓÓʼþ¡¢ÃÜÂ롢ȫÃû¡¢¸¶¿îÐÅÏ¢¡¢Ô´´úÂëºÍÐí¶àÆäËûÊý¾Ý¡±£¬£¬£¬×ܾÞϸµÖ´ï 189GB¡£¡£¡£»£»£»£»¹Ëµ£º¡°Êý¾ÝÒ²¿ÉÒÔ³öÊÛ¡±£¬£¬£¬²¢Îª¡°¹«Ë¾Ô±¹¤»òÏëÒª¹ºÖÃÊý¾ÝµÄÈË¡±Ìí¼ÓÁËÁ´½Ó¡£¡£¡£¸ÃÍŻﻮ¶¨ÁË 3 Ô 4 ÈÕΪ¹ºÖÃÊý¾ÝµÄ×îºóÏÞÆÚ£¬£¬£¬µ«Ã»Óиø³öÏêϸÊý×Ö£¬£¬£¬Ò²Ã»ÓÐÅú×¢ÈôÊÇ×èÖ¹ÈÕÆÚʺó½«ÈçÄÇÀïÖÃÕâЩÊý¾Ý¡£¡£¡£Mogilevich ÊÇÒ»¸öÏà¶Ô½ÏеÄÀÕË÷Èí¼þ×éÖ¯£¬£¬£¬Epic Games ÊÇÆäµÚËĸöÄ¿µÄ¡£¡£¡£µÚÒ»¸öÊÇÈÕ²ú×Ó¹«Ë¾Ó¢·ÆÄáµÏÃÀ¹ú¹«Ë¾£¬£¬£¬¸Ã¹«Ë¾ÉÏÖÜÔâµ½ºÚ¿Í¹¥»÷¡£¡£¡£
https://www.videogameschronicle.com/news/a-ransomware-gang-claims-to-have-hacked-nearly-200gb-of-epic-games-internal-data/