APT exploits the coronavirus to spread malware

An APT group was recently spotted running a phishing campaign that exploits the coronavirus pandemic to distribute its malware.

The world is currently facing an unprecedented situation because of the ongoing Covid-19 pandemic. To curb the spread of the virus, many companies around the world have switched to a new mode of remote working. This has greatly expanded the attack surface, which poses a serious information security challenge for companies, since they now have to establish strict rules and take a number of measures to keep the business and its IT systems running.

However, the expanded attack surface is not the only cyber risk that has emerged in the past few days: many cybercriminals are actively exploiting the global uncertainty to run phishing campaigns, distribute malware and threaten the security of many companies.

APT exploits the pandemic

Late last week, an Advanced Persistent Threat (APT) group known as Vicious Panda was discovered running a spear phishing campaign that uses the coronavirus pandemic to spread its malware. The email told the recipient that it contained information about the coronavirus, but what it actually carried were two malicious RTF (Rich Text Format) files. If the victim opened these files, a Remote Access Trojan (RAT) was launched which, among other things, could take screenshots, list the files and directories on the victim's computer, and download files.

The campaign has so far focused mainly on Mongolia and, according to some Western experts, represents the latest attack in ongoing Chinese operations against various governments and organisations around the world. This time, what makes the campaign stand out is that it uses the new global coronavirus situation to infect its potential victims.

The phishing email appears to come from the Mongolian Ministry of Foreign Affairs and claims to contain information about the number of infected people. To weaponise the file, the attackers used RoyalRoad, a tool popular among Chinese threat actors that lets them build documents with embedded objects able to exploit a vulnerability in the Equation Editor integrated into MS Word for creating complex equations.

Persistence techniques

When the victim opens the malicious RTF files, Microsoft Word exploits the vulnerability to drop a malicious file (intel.wll) into the Word startup folder (%APPDATA%\Microsoft\Word\STARTUP). This method not only makes the threat persistent, but also prevents the full infection chain from running in a sandbox, since Word has to be restarted before the malware is fully launched.
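As an added example (not code from the original article or from the researchers it cites), here is a small Python triage helper covering the two artefacts described above: an RTF that embeds an Equation Editor object, and add-in files that Word auto-loads from its STARTUP folder. The sample RTF and file list are constructed; the Equation.3 ProgID and CLSID are the standard Equation Editor 3.0 identifiers, and the detection is a regex heuristic, not a full RTF parser, so heavily obfuscated RTF can still evade it.

```python
import re

# Little-endian byte form of the Equation Editor 3.0 CLSID
# {0002CE02-0000-0000-C000-000000000046}, as stored inside the OLE
# compound file carried by an RTF \objdata group.
EQUATION_CLSID_LE = bytes.fromhex("02ce020000000000c000000000000046")
# ProgID written in clear text in the OLE1 header of the same blob.
EQUATION_PROGID = b"Equation.3"

OBJCLASS_RE = re.compile(rb"\\objclass\s*([A-Za-z0-9.]+)")
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")


def decode_objdata(hex_blob: bytes) -> bytes:
    """Turn the hex text of an \\objdata group into raw bytes (a dangling nibble is dropped)."""
    digits = re.sub(rb"\s+", b"", hex_blob)
    return bytes.fromhex(digits[: len(digits) - len(digits) % 2].decode())


def rtf_equation_indicators(rtf: bytes) -> list:
    """Reasons (possibly none) why this RTF looks like it embeds an Equation Editor object."""
    reasons = []
    for m in OBJCLASS_RE.finditer(rtf):
        if m.group(1).lower().startswith(b"equation"):
            reasons.append("\\objclass " + m.group(1).decode())
    for m in OBJDATA_RE.finditer(rtf):
        raw = decode_objdata(m.group(1))
        if EQUATION_PROGID in raw:
            reasons.append("\\objdata carries ProgID Equation.3")
        if EQUATION_CLSID_LE in raw:
            reasons.append("\\objdata carries Equation Editor CLSID")
    return reasons


def word_startup_addins(entries) -> list:
    """From file names found in %APPDATA%\\Microsoft\\Word\\STARTUP, return those Word auto-loads."""
    return sorted(e for e in entries if e.lower().endswith((".wll", ".dotm", ".dot")))


# Constructed sample: a minimal RTF whose embedded object spells the
# Equation.3 ProgID in its hex payload (not a real exploit document).
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}"
              b"{\\*\\objdata 0105000002000000" + EQUATION_PROGID.hex().encode() + b"00}}}")
BENIGN_RTF = b"{\\rtf1 Hello}"

if __name__ == "__main__":
    print(rtf_equation_indicators(SAMPLE_RTF))
    print(rtf_equation_indicators(BENIGN_RTF))
    print(word_startup_addins(["intel.wll", "readme.txt", "Reference.dotm"]))
```

In a real investigation, any unexpected .wll in the STARTUP folder deserves a hash lookup and an inspection of its exports before Word is restarted.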

The intel.wll file then loads a DLL that is used to download the malware and communicate with the attackers' command and control server. The command and control server is only active for a strictly limited window each day, which makes it difficult to analyse and obtain the more complex parts of the infection chain.

Even so, the researchers were able to determine that in the first stage of this chain, as soon as the appropriate command is received, the RAT is loaded and decrypted, and the DLL is loaded into memory. The plugin-like architecture suggests that there are other modules besides the payload observed in this campaign.

Protective measures against the new APT

This malicious campaign uses several techniques to penetrate the systems of its victims and compromise their security. To protect yourself against campaigns of this kind, a number of steps are necessary.

The first is the most important: employees must stay alert and careful when receiving email. Email is one of the main attack vectors, yet almost no company can do without it. If you receive an email from an unknown sender, it is better not to open it, and if you do open it, do not open the attachments or click any links.

To compromise the information security of its victims, this attack exploits a vulnerability in Word. In fact, unpatched vulnerabilities are the reason many cyber attacks succeed, and together with other security problems they can lead to major data breaches. This is why it is so important to apply the right patch and close the vulnerability as soon as possible.

To address these problems, there are solutions designed specifically for identifying, managing and installing patches. Such a module automatically searches for the patches needed to keep the company's computers secure, prioritises the most urgent updates and schedules their installation. Information about patches awaiting installation is reported to the administrator even after a computer has been found to be compromised by malware.

The solution can immediately trigger the installation of the required patches and updates, or their installation can be scheduled from the central web management console, isolating unpatched computers if necessary. In this way, the administrator can manage patches and updates so that the company keeps running smoothly.

Unfortunately, the cyber attack in question is unlikely to be the last to exploit the current global situation to compromise the security of businesses.

Source: www.habr.com