Leak of customer data from the re:Store, Samsung, Sony Center, Nike, LEGO and Street Beat stores

Last week Kommersant reported that "the customer data of Street Beat and Sony Center has ended up in the public domain", but in reality everything is worse than what was written in that article.


I have already done a detailed technical analysis of this leak in the Telegram channel, so here we will go over only the key points.

Disclaimer: all information below is published solely for educational purposes. The author did not obtain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

Another Elasticsearch server with freely accessible indexes:

  • greylog2_0
  • README
  • unauth_text
  • http:
  • greylog2_1

greylog2_0 contains logs from 16.11.2018 to March 2019, and greylog2_1 contains data from March 2019 to 04.06.2019. Until access to the Elasticsearch server was closed, the number of records in greylog2_1 kept growing.

According to the Shodan search engine, this Elasticsearch server had been freely accessible since 12.11.2018 (as noted above, the first entry in the logs is dated 16.11.2018).

In the logs, the gl2_remote_ip field records the IP addresses 185.156.178.58 and 185.156.178.62, whose DNS names are srv2.inventive.ru and srv3.inventive.ru:


I notified Inventive Retail Group (www.inventive.ru) of the problem on 04.06.2019 at 18:25 (Moscow time), and by 22:30 the server had "quietly" disappeared from public access.

The data contained (all figures are approximate; duplicates have not been removed from the counts, so the real amount of leaked data is most likely smaller):

  • more than 3 million email addresses of customers of the re:Store, Samsung, Street Beat and LEGO stores
  • more than 7 million phone numbers of customers of the re:Store, Sony, Nike, Street Beat and LEGO stores
  • more than 21 thousand login/password pairs from the personal accounts of customers of the Sony and Street Beat stores
  • most records with a phone number or email also contain the full name (usually in Latin script) and the loyalty card number.

An example from the log relating to the Nike store (all sensitive data has been replaced with "X" characters):

"message": "{"MESSAGE":"[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Arrayn(n    [contact[phone]] => +7985026XXXXn    [contact[email]] => [email protected]    [contact[channel]] => n    [contact[subscription]] => 0n)n[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 27008290n    [brand] => NIKEn)n[ОТВЕТ СЕРВЕРА] Код ответа - 200[ОТВЕТ СЕРВЕРА] stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7985026XXXXn            [email] => [email protected]            [channel] => 0n            [subscription] => 0n        )nn)n","DATE":"31.03.2019 12:52:51"}",

And here is an example of how logins and passwords for customers' personal accounts on the sites sc-store.ru and street-beat.ru were stored:

"message":"{"MESSAGE":"[URI]/action.php?a=login&sessid=93164e2632d9bd47baa4e51d23ac0260&login=XXX%40gmail.com&password=XXX&remember=Y[МЕТОД ЗАПРОСА] personal[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 26725117n    [brand]=> SONYn)n[ОТВЕТ СЕРВЕРА] Код ответа - [ОТВЕТ СЕРВЕРА] ","DATE":"22.04.2019 21:29:09"}"

IRG has published a statement on the incident; an excerpt from it:

We could not ignore this information and have temporarily changed the passwords for customers' personal accounts in order to prevent the use of personal account data for fraudulent purposes. The company denies any leak of personal data of street-beat.ru customers. All Inventive Retail Group operations are being checked additionally. No threat to users' personal data has been identified.

It is a bad sign that IRG was unable to determine what had leaked and what had not. Here is an example from the log relating to a Street Beat customer:

"message": "{"MESSAGE":"'DATA' => ['URI' => /local/components/multisite/order/ajax.php,'МЕТОД ЗАПРОСА' = contact,'ДАННЫЕ POST' = Arrayn(n    [contact[phone]] => 7915545XXXXn)n,'ДАННЫЕ  GET' =nttArrayn(n    [digital_id] => 27016686n    [brand] => STREETBEATn)n,'ОТВЕТ СЕРВЕРА' = 'Код ответа - '200,'RESPONCE' = stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7915545XXXXn            [email] => [email protected]","Дата":"01.04.2019 08:33:48"}",

Now, however, let's move on to the really bad news and explain why this is a leak of the personal data of IRG's customers.

If you look closely at the indexes of the freely accessible Elasticsearch server, you will notice two names among them: README and unauth_text. This is the characteristic signature of one of the many ransomware scripts; this one has affected more than 4 thousand Elasticsearch servers worldwide. The README content looks like this:

"ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"
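Two things an owner of such a cluster would want to check for themselves: whether the ransom script's marker indexes (README, unauth_text) are present in the index listing, and whether the application is writing credentials and PII into its Graylog messages the way the examples above show. The following is an added example, not code from the original post or from IRG; the index names are taken from the post, while the three sample messages are constructed to mirror the redacted log layouts shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Index names left behind by the ransom script described in the post.
RANSOM_MARKER_INDICES = {"README", "unauth_text"}
# Query-string parameters that must never reach an application log.
SECRET_PARAMS = {"password", "sessid"}

URI_RE = re.compile(r"URI\W+(/[^\s\[,']*)")                 # path in either log layout
PHONE_RE = re.compile(r"(?<![\dX])\+?7[\dX]{10}(?![\dX])")  # RU mobile number, 'X' = redacted digit
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def find_ransom_markers(index_names):
    """Marker indexes present in a `_cat/indices`-style listing of index names."""
    return sorted(RANSOM_MARKER_INDICES & set(index_names))

def audit_message(message):
    """Report secrets and PII found in one Graylog 'message' payload."""
    m = URI_RE.search(message)
    uri = m.group(1) if m else ""
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    return {
        "uri": uri.split("?", 1)[0],
        "secret_params": sorted(SECRET_PARAMS & set(params)),
        "phones": len(PHONE_RE.findall(message)),
        "emails": len(EMAIL_RE.findall(message)),
    }

def audit_log(index_names, messages):
    """Combine both checks into a list of findings for the team that owns the cluster."""
    findings = [f"ransom marker index present: {n}" for n in find_ransom_markers(index_names)]
    for rec in map(audit_message, messages):
        if rec["secret_params"]:
            findings.append(f"credentials logged in request URI {rec['uri']}: "
                            + ", ".join(rec["secret_params"]))
        if rec["phones"] or rec["emails"]:
            findings.append(f"PII logged for {rec['uri']}: "
                            f"{rec['phones']} phone(s), {rec['emails']} email(s)")
    return findings

# Index listing from the post; messages are constructed, modelled on its redacted examples.
SAMPLE_INDICES = ["greylog2_0", "README", "unauth_text", "http:", "greylog2_1"]
SAMPLE_MESSAGES = [
    "[URI]/action.php?a=login&sessid=0123456789abcdef&login=XXX%40example.com"
    "&password=XXX&remember=Y[МЕТОД ЗАПРОСА] personal",
    "[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Array( "
    "[contact[phone]] => +7985026XXXX [contact[email]] => XXX@example.com )",
    "'URI' => /local/components/multisite/order/ajax.php,'ДАННЫЕ POST' = Array( [contact[phone]] => 7915545XXXX )",
]

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_INDICES, SAMPLE_MESSAGES):
        print(finding)
```

Run against a real export of the `message` field, the credential findings point at the exact endpoints whose request logging needs to be fixed, independent of whether the cluster was ever exposed.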

While the server with IRG's data was freely accessible, the ransomware script presumably gained access to the customer data and, judging by the message it left behind, that data was downloaded.

Furthermore, I have no doubt that this data was found before me and had already been downloaded. I would even say I am certain of it. It is no secret that such open databases are actively sought out and downloaded.

News about data leaks and insiders can be found on my Telegram channel "Data Leaks": https://t.me/dataleak.

Source: www.hab.com
