Leak of customer data from the re:Store, Samsung, Sony Centre, Nike, LEGO and Street Beat stores

Last week Kommersant reported that "the customer databases of Street Beat and Sony Centre were in the public domain", but in reality everything is much worse than what was written in that article.


I have already published a detailed technical analysis of this leak on my Telegram channel, so here we will only go over the main points.

Disclaimer: all information below is published exclusively for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

An Elasticsearch server with the following indices was freely accessible:

  • graylog2_0
  • readme
  • Umbhalo_ungekho (index name as rendered by the page's translation; the original name is not recoverable)
  • http:
  • graylog2_1

graylog2_0 contained logs from 16.11.2018 to March 2019, and graylog2_1 contained logs from March 2019 to 04.06.2019. Until access to the Elasticsearch server was closed, the number of records in graylog2_1 kept growing.

According to the Shodan search engine, this Elasticsearch server had been freely accessible since 12.11.2018 (as noted above, the first log entries are dated 16.11.2018).

In the logs, the gl2_remote_ip field contains the IP addresses 185.156.178.58 and 185.156.178.62, whose DNS names are srv2.inventive.ru and srv3.inventive.ru.


I notified Inventive Retail Group (www.inventive.ru) about the problem on 04.06.2019 at 18:25 (Moscow time), and at 22:30 the server "quietly" disappeared from public access.

The logs contained (all figures are estimates; duplicates were not removed from the count, so the actual volume of leaked information may be smaller):

  • more than 3 million e-mail addresses of customers of the re:Store, Samsung, Street Beat and Lego stores
  • more than 7 million phone numbers of customers of the re:Store, Sony, Nike, Street Beat and Lego stores
  • more than 21 thousand login/password pairs for customers' personal accounts at the Sony and Street Beat stores
  • many of the records with phone numbers and e-mails also contain full names (often in Latin script) and loyalty card numbers.

An example from a log entry relating to a Nike store customer (all sensitive data has been replaced with "X" characters):

"message": "{"MESSAGE":"[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Arrayn(n    [contact[phone]] => +7985026XXXXn    [contact[email]] => XXX@mail.run    [contact[channel]] => n    [contact[subscription]] => 0n)n[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 27008290n    [brand] => NIKEn)n[ОТВЕТ СЕРВЕРА] Код ответа - 200[ОТВЕТ СЕРВЕРА] stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7985026XXXXn            [email] => XXX@mail.run            [channel] => 0n            [subscription] => 0n        )nn)n","DATE":"31.03.2019 12:52:51"}",

And here is an example of how logins and passwords for customers' personal accounts on the sites sc-store.ru and street-beat.ru were stored:

"message":"{"MESSAGE":"[URI]/action.php?a=login&sessid=93164e2632d9bd47baa4e51d23ac0260&login=XXX%40gmail.com&password=XXX&remember=Y[МЕТОД ЗАПРОСА] personal[ДАННЫЕ  GET] Arrayn(n    [digital_id] => 26725117n    [brand]=> SONYn)n[ОТВЕТ СЕРВЕРА] Код ответа - [ОТВЕТ СЕРВЕРА] ","DATE":"22.04.2019 21:29:09"}"

IRG's official statement on this incident can be read here; an excerpt from it:

We could not ignore this point and have changed the passwords of customers' personal accounts to temporary ones, in order to rule out possible fraudulent use of data from personal accounts. The company does not confirm a leak of personal data of street-beat.ru customers. All Inventive Retail Group projects have been checked. No threats to customer data were found.

It is bad that IRG cannot determine what leaked and what did not. Here is an example from a log entry relating to a Street Beat store customer:

"message": "{"MESSAGE":"'DATA' => ['URI' => /local/components/multisite/order/ajax.php,'МЕТОД ЗАПРОСА' = contact,'ДАННЫЕ POST' = Arrayn(n    [contact[phone]] => 7915545XXXXn)n,'ДАННЫЕ  GET' =nttArrayn(n    [digital_id] => 27016686n    [brand] => STREETBEATn)n,'ОТВЕТ СЕРВЕРА' = 'Код ответа - '200,'RESPONCE' = stdClass Objectn(n    [result] => successn    [contact] => stdClass Objectn        (n            [phone] => +7915545XXXXn            [email] => XXX@gmail.com","Дата":"01.04.2019 08:33:48"}",
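The three log entries above share one root cause: the application writes raw request parameters, query strings and server responses into its logs, so phone numbers, e-mails, session ids and even plaintext passwords end up in Graylog. As an added example (not code from the article or from IRG), the following script shows how a defender can scan such messages for customer PII and credentials and redact them before they are shipped to a log store. The message format mirrors the entries quoted above, but every value in the samples is constructed.

```python
"""Find and redact customer PII and credentials in application log messages.

Added example (not from the original article). The message format mimics the
Graylog entries quoted in the article, but every value below is constructed.
"""
import re
from dataclasses import dataclass, field

# E-mail addresses, including a URL-encoded '@' (%40) as seen in logged query strings.
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+(?:@|%40)[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Russian mobile numbers as they appear in the logs: optional '+', then 7 and ten digits.
PHONE_RE = re.compile(r"(?<![\d+])\+?7\d{10}(?!\d)")
# Query-string parameters that must never reach a log in clear text.
PARAM_RE = re.compile(r"(?i)\b(password|login|sessid)=([^&\s\[\]'\"]+)")

# Constructed sample messages in the style of the leaked entries (fake values).
SAMPLE_LOGS = [
    # Profile update: phone and e-mail in the POST data and echoed back in the response.
    "[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Array( "
    "[contact[phone]] => +79850261234 [contact[email]] => user.one@example.com ) "
    "[ДАННЫЕ GET] Array( [digital_id] => 27008290 [brand] => NIKE ) "
    "[ОТВЕТ СЕРВЕРА] ( [phone] => +79850261234 [email] => user.one@example.com )",
    # Login request: credentials and session id logged inside the URI query string.
    "[URI]/action.php?a=login&sessid=0123456789abcdef0123456789abcdef"
    "&login=user.two%40example.com&password=Hunter2!&remember=Y[МЕТОД ЗАПРОСА] personal",
    # Order form: phone number without the '+' prefix.
    "'URI' => /local/components/multisite/order/ajax.php,'ДАННЫЕ POST' = Array( "
    "[contact[phone]] => 79155451234 ) 'RESPONCE' = ( [phone] => +79155451234 "
    "[email] => user.three@example.com",
]


@dataclass
class ScrubResult:
    redacted: str
    findings: dict = field(default_factory=dict)  # category -> number of hits


def scrub(message: str) -> ScrubResult:
    """Redact credentials, e-mails and phone numbers and count what was found."""
    findings = {}
    # Credentials first: a 'login' parameter usually holds an e-mail, and it should
    # be counted as a leaked credential rather than as a plain e-mail address.
    text, n = PARAM_RE.subn(lambda m: f"{m.group(1)}=[REDACTED]", message)
    if n:
        findings["credential"] = n
    text, n = EMAIL_RE.subn("[EMAIL]", text)
    if n:
        findings["email"] = n
    text, n = PHONE_RE.subn("[PHONE]", text)
    if n:
        findings["phone"] = n
    return ScrubResult(text, findings)


def scan_logs(messages):
    """Scrub every message and total the findings per category."""
    results = [scrub(m) for m in messages]
    totals = {}
    for r in results:
        for category, count in r.findings.items():
            totals[category] = totals.get(category, 0) + count
    return results, totals


if __name__ == "__main__":
    results, totals = scan_logs(SAMPLE_LOGS)
    for r in results:
        print(r.findings, "->", r.redacted[:80])
    print("totals:", totals)
```

Run on the three constructed messages, the scanner reports 3 credential hits, 3 e-mails and 4 phone numbers, which is exactly the kind of count that would have told IRG what had actually leaked. A scrubber like this belongs in the log pipeline (for example as a Graylog pipeline rule or at the application logger), but the real fix is not to log request bodies and query strings at all.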

However, let's move on to the really bad news and explain why this is a leak of IRG customers' personal data.

If you look closely at the indices of this freely accessible Elasticsearch server, you will notice two names among them: readme and Umbhalo_ungekho. This is the signature of one of the many ransomware scripts targeting Elasticsearch. It has affected more than 4 thousand Elasticsearch servers worldwide. The contents of readme look like this:

"ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"

While the server with IRG's logs was freely accessible, the ransomware script certainly gained access to the customer information and, according to the message it left, the data was copied.
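The ransom-note index is a cheap indicator of compromise that anyone operating Elasticsearch can check for. As an added example (not code from the article), the function below takes a listing in the shape returned by GET /_cat/indices?format=json together with a few sample documents per index, and flags indices whose name matches a known ransom-note index or whose documents contain a Bitcoin address next to ransom wording. The index listing and the log documents are constructed; the note text is the one quoted in the article.

```python
"""Flag ransom-note indices on an Elasticsearch cluster.

Added example (not from the original article). The _cat/indices listing and the
log documents are constructed; the ransom note text is the one quoted in the
article.
"""
import re

# Index names that extortion scripts create to leave their note (seen on the IRG server).
RANSOM_INDEX_NAMES = {"readme"}
# Legacy (P2PKH/P2SH) Bitcoin address: base58, 26-35 chars, starting with 1 or 3.
BTC_ADDRESS_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
RANSOM_KEYWORDS = ("BTC", "BITCOIN", "RESTORE", "BACKED UP")

# Constructed listing in the shape of GET /_cat/indices?format=json (fields trimmed).
SAMPLE_INDICES = [
    {"health": "yellow", "status": "open", "index": "graylog2_0", "docs.count": "1200000"},
    {"health": "yellow", "status": "open", "index": "readme", "docs.count": "1"},
    {"health": "yellow", "status": "open", "index": "graylog2_1", "docs.count": "900000"},
]

# Constructed sample documents per index (one benign log line, the quoted note).
SAMPLE_DOCS = {
    "graylog2_0": ["[URI] /personal/profile/ [brand] => NIKE [digital_id] => 27008290"],
    "readme": [
        "ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, "
        "TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 "
        "THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"
    ],
    "graylog2_1": ["[URI] /local/components/multisite/order/ajax.php [brand] => STREETBEAT"],
}


def find_ransom_indicators(indices, sample_docs):
    """Return (index, reason) pairs for indices that look like extortion notes.

    indices: list of dicts with at least an "index" key, as from _cat/indices.
    sample_docs: mapping index name -> list of document _source strings.
    """
    hits = []
    for entry in indices:
        name = entry["index"]
        if name in RANSOM_INDEX_NAMES:
            hits.append((name, "index name matches a known ransom-note index"))
        for doc in sample_docs.get(name, []):
            upper = doc.upper()
            if BTC_ADDRESS_RE.search(doc) and any(k in upper for k in RANSOM_KEYWORDS):
                hits.append((name, "document contains a Bitcoin address and ransom wording"))
                break  # one matching document per index is enough
    return hits


def looks_compromised(indices, sample_docs) -> bool:
    """True when any ransom indicator was found on the cluster."""
    return bool(find_ransom_indicators(indices, sample_docs))


if __name__ == "__main__":
    for index, reason in find_ransom_indicators(SAMPLE_INDICES, SAMPLE_DOCS):
        print(f"{index}: {reason}")
    print("compromised:", looks_compromised(SAMPLE_INDICES, SAMPLE_DOCS))
```

Finding such an index means the cluster was reachable by an automated scanner, and therefore by anyone else, for as long as it was exposed; the data in the other indices has to be treated as copied, which is the point the article makes about the IRG logs.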

In addition, I have no doubt that this data was found before me and had already been downloaded. I would even say I am sure of it. It is no secret that such open databases are deliberately searched for and downloaded.

News about information leaks and insiders can always be found on my Telegram channel "Information leaks": https://t.me/dataleak.

Source: www.habr.com
