APT uses coronavirus to spread malware

An Advanced Persistent Threat (APT) group has recently been discovered using social engineering built around the coronavirus pandemic to distribute its malware.

The world is currently facing an exceptional situation caused by the Covid-19 coronavirus pandemic. In an attempt to stop the spread of the virus, a large number of companies around the world have switched to a new mode of remote work. This has significantly expanded the attack surface, which poses a major challenge to companies in terms of information security, since they now have to establish strict rules and take many measures to ensure the continuity of business operations and of their IT systems.

However, the expanded attack surface is not the only cyber risk that has emerged in recent days: many cybercriminals are actively exploiting this global uncertainty to run phishing campaigns, distribute malware, and put the information security of many companies at risk.

APT exploits the pandemic

At the end of last week, an Advanced Persistent Threat (APT) group called Vicious Panda was spotted running a spear-phishing campaign that used the coronavirus pandemic to spread its malware. The email told the recipient that it contained information about the coronavirus, but in fact it carried two malicious RTF (Rich Text Format) files. If the victim opened these files, a Remote Access Trojan (RAT) was launched which, among other things, was able to take screenshots, build a list of the files and directories on the victim's computer, and download files.

So far the campaign has targeted the Mongolian public sector, and according to some Western experts it represents the latest attack in an ongoing Chinese operation against various governments and organizations around the world. This time, the peculiarity of the campaign is that it uses the new global coronavirus situation to infect potential victims more effectively.

The phishing email appears to come from the Mongolian Ministry of Foreign Affairs and claims to contain information about the number of people infected with the virus. To weaponize this file, the attackers used RoyalRoad, a tool popular among Chinese threat developers that lets them build custom documents with embedded objects which exploit vulnerabilities in the Equation Editor, the component bundled with MS Word for composing complex equations.
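A defender triaging suspicious RTF attachments can look for exactly the construction described above: an embedded OLE object whose class is the Equation Editor. The scanner below is an added example and is not code from the article or from any vendor; it parses the `\objclass` control word and, independently, the OLE1 header inside `\objdata` (version, format, length-prefixed class name), so an attachment that omits the human-readable class name is still flagged. Both RTF samples are constructed for the example and are not the campaign's documents.

```python
import re
import binascii

# Constructed sample RTF fragments (not the campaign's files): one plain document,
# one carrying an embedded OLE object whose class is the Equation Editor.
BENIGN_RTF = r"{\rtf1\ansi{\fonttbl{\f0 Calibri;}}\f0 Daily case count attached.\par}"
SUSPICIOUS_RTF = (
    r"{\rtf1\ansi{\fonttbl{\f0 Calibri;}}\f0 Daily case count attached.\par"
    r"{\object\objemb{\*\objclass Equation.3}"
    # OLE1 header: version 0x501, format 2 (embedded), class name length 11, "Equation.3\0"
    r"{\*\objdata 01050000020000000b0000004571756174696f6e2e3300}}}"
)

OBJECT_RE = re.compile(r"\\object\b")
OBJCLASS_RE = re.compile(r"\\\*\\objclass\s+([^}\\]+)")
OBJDATA_RE = re.compile(r"\\\*\\objdata\s*([0-9A-Fa-f\s]+)")

# Object classes that should never appear in an ordinary attachment; Equation.3 is the
# Equation Editor the article refers to.
HIGH_RISK_CLASSES = {"equation.2", "equation.3"}


def ole1_class_name(hexdata):
    """Return the class name from an OLE1 object header, or None if it does not parse."""
    raw = binascii.unhexlify("".join(hexdata.split()))
    if len(raw) < 12:
        return None
    fmt = int.from_bytes(raw[4:8], "little")      # 1 = linked, 2 = embedded
    name_len = int.from_bytes(raw[8:12], "little")
    if fmt not in (1, 2) or len(raw) < 12 + name_len:
        return None
    name = raw[12:12 + name_len].rstrip(b"\0")
    return name.decode("ascii", "replace")


def scan_rtf(text):
    """Classify an RTF document by the embedded objects it declares."""
    classes = [m.group(1).strip() for m in OBJCLASS_RE.finditer(text)]
    for m in OBJDATA_RE.finditer(text):
        name = ole1_class_name(m.group(1))
        if name:
            classes.append(name)
    has_object = OBJECT_RE.search(text) is not None
    if any(c.lower() in HIGH_RISK_CLASSES for c in classes):
        verdict = "high"        # Equation Editor object: quarantine and analyse
    elif has_object or classes:
        verdict = "review"      # some other embedded object: manual review
    else:
        verdict = "clean"
    return {"has_object": has_object, "classes": classes, "verdict": verdict}


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(label, scan_rtf(doc))
```

The check is deliberately string-based so it can run in a mail gateway or a triage script without opening the document in Word; a full RTF parser would additionally have to handle obfuscated control words, which this example does not attempt.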

Persistence techniques

Once the victim opens the malicious RTF files, Microsoft Word exploits the vulnerability to drop a malicious file (intel.wll) into the Word startup folder (%APPDATA%\Microsoft\Word\STARTUP). Using this method, the threat not only becomes persistent but also prevents the full infection chain from detonating when it is run in a sandbox, since Word has to be restarted before the malware is fully launched.
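The persistence mechanism above is easy to audit because Word only auto-loads a handful of file types from its STARTUP folder: .wll add-ins (which are native DLLs, so they start with an MZ header) and .dot/.dotm/.dotx templates. The audit below is an added example and is not code from the article; it lists such files and records whether each has a PE header. `build_demo_dir` creates a constructed fixture in a temporary directory (a stand-in file named intel.wll after the article, plus harmless files) so the check can be run anywhere; on a real Windows host, pass the result of `default_word_startup()` instead.

```python
import os
import tempfile
from pathlib import Path

# File types Word loads automatically from its STARTUP folder.
AUTOLOAD_EXT = {".wll", ".dot", ".dotm", ".dotx"}


def default_word_startup():
    """Resolve %APPDATA%\\Microsoft\\Word\\STARTUP on Windows; None elsewhere."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return Path(appdata) / "Microsoft" / "Word" / "STARTUP"


def audit_word_startup(startup_dir):
    """Return one finding per auto-loadable file in the Word STARTUP folder."""
    findings = []
    folder = Path(startup_dir)
    if not folder.is_dir():
        return findings
    for entry in sorted(folder.iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in AUTOLOAD_EXT:
            continue
        with open(entry, "rb") as fh:
            head = fh.read(2)
        findings.append({
            "name": entry.name,
            "ext": entry.suffix.lower(),
            "pe_header": head == b"MZ",      # .wll add-ins are DLLs and should start with MZ
            "size": entry.stat().st_size,
        })
    return findings


def build_demo_dir():
    """Constructed fixture for the example: not a real Word profile, not real malware."""
    root = Path(tempfile.mkdtemp(prefix="word_startup_demo_"))
    (root / "intel.wll").write_bytes(b"MZ" + b"\x00" * 62)       # stand-in add-in, MZ header only
    (root / "helper.dotm").write_bytes(b"PK\x03\x04" + b"\x00" * 28)  # stand-in template
    (root / "notes.txt").write_text("harmless note")               # ignored by the audit
    return root


if __name__ == "__main__":
    target = default_word_startup() or build_demo_dir()
    for finding in audit_word_startup(target):
        print(finding)
```

An empty result on a workstation that does not use Word add-ins is the expected baseline; any .wll that appears there, especially one with a PE header and a vendor-sounding name, deserves the same treatment as an unexpected Run key.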

The intel.wll file then loads a DLL that is used to download the malware and to communicate with the attackers' command and control server. The command and control server is only active for a short period each day, which makes it difficult to analyze and to reach the most complex parts of the infection chain.

Despite this, the researchers were able to establish that in the first stage of this chain, immediately after the appropriate command is received, the RAT is downloaded and decrypted, and the DLL is loaded into memory. The plugin-like architecture suggests that there are other modules beyond the payload observed in this campaign.

Measures to protect against the new APT

This malicious campaign uses a number of tricks to infiltrate victims' systems and then compromise their information security. To protect against campaigns of this kind, it is important to take several measures.

The first is extremely important: employees must be attentive and careful when receiving emails. Email is one of the main attack vectors, yet almost no company can do without it. If you receive an email from an unknown sender, it is best not to open it, and if you do open it, do not open any attachments or click any links.

To compromise the information security of its victims, this attack exploits a vulnerability in Word. In fact, unpatched vulnerabilities are the reason for the success of many cyberattacks, and together with other security issues they can lead to major data breaches. This is why it is so important to apply the appropriate patch to close a vulnerability as quickly as possible.

To address these problems, there are solutions designed specifically for identifying, managing and installing patches. The module automatically searches for the patches needed to ensure the security of the company's computers, prioritizing the most urgent updates and scheduling their installation. Information about patches that need to be installed is reported to the administrator even when exploits and malware have been detected.

The solution can immediately trigger the installation of the required patches and updates, or their installation can be scheduled from a web-based central management console, isolating unpatched computers if necessary. In this way, the administrator can manage patches and updates so that the company keeps running smoothly.

Unfortunately, the cyberattack in question will not be the last to take advantage of the current global coronavirus situation to compromise the information security of businesses.

Source: www.habr.com
