A wave of supercomputer hacks for cryptocurrency mining

Several large computing clusters at supercomputing centers in the UK, Germany, Switzerland and Spain show traces of infrastructure compromise and the installation of malware for covert mining of the Monero (XMR) cryptocurrency. No detailed analysis of the incidents is available yet, but according to preliminary data the systems were compromised through credentials stolen from the systems of researchers who were able to run jobs on the clusters (many clusters have recently been granting access to third-party researchers who study the SARS-CoV-2 coronavirus and run process simulations related to COVID-19 infection). After gaining access to the cluster in one of the cases, the attackers used the CVE-2019-15666 vulnerability in the Linux kernel to obtain root and install a rootkit.

Two incidents stand out in which the attackers used credentials captured from users at the University of Krakow (Poland), Shanghai Transport University (China) and the China Science Network. The credentials were captured from participants in international research programs and were used to connect to the clusters over SSH. How exactly the credentials were captured is not yet clear, but spoofed SSH executables were found on some (not all) of the systems belonging to the victims of the password leak.

As a result, the attackers were able to gain access to the UK cluster Archer (University of Edinburgh), ranked 334th in the Top500 list of the largest supercomputers. Similar intrusions were subsequently identified on the clusters bwUniCluster 2.0 (Karlsruhe Institute of Technology, Germany), ForHLR II (Karlsruhe Institute of Technology, Germany), bwForCluster JUSTUS (Ulm University, Germany), bwForCluster BinAC (University of Tübingen, Germany) and Hawk (University of Stuttgart, Germany).
Information about cluster security incidents also came from the National Supercomputer Center of Switzerland (CSCS), the Jülich Research Center (31st place in the Top500), the University of Munich (Germany) and the Leibniz Computer Center (9th, 85th and 86th places in the Top500). In addition, employees passed on information, not yet confirmed, about a compromise of the infrastructure of the High Performance Computing Center in Barcelona (Spain).

Analysis of the changes shows that two malicious executables with the suid root flag set were downloaded to the compromised servers: "/etc/fonts/.fonts" and "/etc/fonts/.low". The first is a bootloader for running shell commands with root privileges, and the second is a log cleaner for removing traces of the attackers' activity. Various techniques were used to hide the malicious components, including the installation of a rootkit, Lahaʻula, loaded as a module for the Linux kernel. In one case the mining process was started only at night, so as not to attract attention.
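A defensive check for the indicator described above, as an added example that is not from the original article: it looks for the two reported paths and, more generally, for hidden setuid files owned by root under a directory tree. The function names and the default scan root `/etc` are assumptions made for this example.

```python
import os
import stat

# Paths reported in the article as suid-root files on compromised servers.
REPORTED_PATHS = ("/etc/fonts/.fonts", "/etc/fonts/.low")


def find_hidden_setuid(root="/etc", owner_uid=0):
    """Return sorted paths of regular files under `root` that are setuid,
    owned by `owner_uid`, and hidden (dot-prefixed name or located inside
    a dot-prefixed directory). Symlinks are not followed."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            rel = os.path.relpath(path, root)
            if any(part.startswith(".") for part in rel.split(os.sep)):
                hits.append(path)
    return sorted(hits)


def check_reported_paths(paths=REPORTED_PATHS):
    """Return those of the reported paths that exist on this host."""
    return [p for p in paths if os.path.lexists(p)]


if __name__ == "__main__":
    for p in check_reported_paths():
        print("reported path present:", p)
    for p in find_hidden_setuid("/etc"):
        print("hidden setuid-root file:", p)
```

Because the article also reports a rootkit loaded as a kernel module, a clean result on a live host is not conclusive; running the scan against a mounted disk image or from trusted boot media avoids relying on a possibly tampered kernel.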

Once compromised, a host could be used for various tasks, such as mining Monero (XMR), running a proxy (to communicate with other mining hosts and with the server coordinating the mining), running a microSOCKS-based SOCKS proxy (to accept external connections via SSH) and SSH forwarding (the initial point of entry using a compromised account, on which a translator was configured for forwarding into the local network). When connecting to the compromised hosts, the attackers used hosts with SOCKS proxies and usually connected through Tor or other networks.

Source: opennet.ru
