A recently discovered APT threat group is using spear phishing to exploit the coronavirus pandemic and distribute its malware.
The world is currently in an exceptional situation because of the Covid-19 coronavirus pandemic. To try to stop the spread of the virus, a large number of companies worldwide have introduced a new mode of remote work. This has significantly expanded the attack surface, which poses a major challenge for companies in terms of information security, since they now need to establish strict rules and take measures.
However, the expanded attack surface is not the only cyber risk to emerge in the last few days: many cybercriminals are actively exploiting this global uncertainty to run phishing campaigns, distribute malware and threaten the information security of many companies.
APT exploits the pandemic
At the end of last week, an Advanced Persistent Threat (APT) group called Vicious Panda was spotted running an attack campaign.
This campaign has so far targeted the Mongolian public sector and, according to some Western experts, represents the latest attack in China's ongoing operation against various governments and organizations around the world. This time, the notable feature of the campaign is that it uses the new global coronavirus situation to infect its potential victims more actively.
The phishing email appears to come from the Mongolian Ministry of Foreign Affairs and claims to contain information on the number of people infected with the virus. To weaponize this file, the attackers used RoyalRoad, a tool popular among Chinese threat actors that lets them create custom documents with embedded objects that can exploit vulnerabilities in the Equation Editor, the component integrated into MS Word for creating complex equations.
Persistence Techniques
Once the victim opens the malicious RTF files, the vulnerability in Microsoft Word is exploited to drop a malicious file (intel.wll) into the Word startup folder (%APPDATA%\Microsoft\Word\STARTUP). With this method, the threat not only becomes persistent, but also prevents the whole infection chain from detonating when it runs in a sandbox, since Word must be restarted to fully launch the malware.
The intel.wll file then loads a DLL file that is used to download the malware and communicate with the attacker's command and control server. The command and control server operates only for a strictly limited window of time each day, which makes it difficult to analyze and reach the most complex parts of the infection chain.
Despite this, researchers were able to determine that in the first stage of this chain, immediately after the appropriate command is received, the RAT is loaded and decrypted, and a DLL is loaded into memory. The plugin-like architecture suggests that there are other modules in addition to the payload seen in this campaign.
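The following Python triage is an added example, not part of the original article or the researchers' tooling: it flags file-creation events that write into the Word startup folder described above, the step that gives intel.wll its persistence. The event field names follow Sysmon Event ID 11; the sample events, user names, writer-process list and severity labels are constructed assumptions.

```python
import json
import ntpath
import re

# Per-user Word startup folder named in the article; files here load when Word starts.
STARTUP_RE = re.compile(r"\\appdata\\roaming\\microsoft\\word\\startup\\[^\\]+$", re.I)
ADDIN_EXTS = {".wll"}                             # Word add-in library, as with intel.wll
OFFICE_WRITERS = {"winword.exe", "eqnedt32.exe"}  # assumption: Word and Equation Editor binaries

# Constructed sample events (Sysmon Event ID 11 style fields), not real telemetry.
SAMPLE_EVENTS = r"""
{"UtcTime": "2020-03-20 08:14:02", "Image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\intel.wll"}
{"UtcTime": "2020-03-20 09:01:45", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\Letterhead.dotm"}
{"UtcTime": "2020-03-20 09:05:10", "Image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "TargetFilename": "C:\\Users\\alice\\Documents\\report.docx"}
{"UtcTime": "2020-03-20 09:30:00", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "c:/users/bob/AppData/Roaming/Microsoft/Word/STARTUP/x.WLL"}
"""


def triage(event):
    """Return None, or a finding dict for a file written into the Word STARTUP folder."""
    target = event["TargetFilename"].replace("/", "\\")  # tolerate forward-slash log sources
    if not STARTUP_RE.search(target):
        return None
    writer = ntpath.basename(event["Image"].replace("/", "\\")).lower()
    ext = ntpath.splitext(target)[1].lower()
    reasons = []
    if ext in ADDIN_EXTS:
        reasons.append("add-in library dropped in startup folder")
    if writer in OFFICE_WRITERS:
        reasons.append("written by an Office process")
    return {
        "time": event["UtcTime"],
        "file": ntpath.basename(target),
        "writer": writer,
        # Any write here deserves a look; an add-in or an Office writer raises it to high.
        "severity": "high" if reasons else "review",
        "reasons": reasons,
    }


def scan(lines):
    """Parse JSON-lines events and return findings in input order."""
    events = (json.loads(line) for line in lines.splitlines() if line.strip())
    return [finding for finding in map(triage, events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Because the add-in only runs after Word restarts, a write flagged here can be handled before the next stage ever loads.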
Measures to protect against the new APT
This malicious campaign uses multiple tricks to infiltrate its victims' systems and then compromise their information security. To protect yourself against campaigns like this, it is important to take a range of measures.
The first is extremely important: employees must be attentive and careful when receiving emails. Email is one of the main attack vectors, yet almost no company can do without it. If you receive an email from an unknown sender, it is better not to open it, and if you do open it, do not open any attachments or click on any links.
To compromise its victims' information security, this attack exploits a vulnerability in Word. In fact, unpatched vulnerabilities are the reason
To eliminate these problems, there are solutions designed specifically to identify,
The solution can automatically trigger installation of the required patches and updates, their installation can be scheduled from a web-based central management console, or, if necessary, unpatched computers can be isolated. In this way, the administrator can manage patches and updates so that the company runs smoothly.
Unfortunately, the cyberattack in question will not be the last to take advantage of the current global coronavirus situation to compromise the information security of businesses.
Source: www.habr.com