APT uses coronavirus to spread malware


An APT threat group has recently been discovered running phishing campaigns that exploit the coronavirus pandemic to spread its malware.

The world is currently facing an unprecedented situation because of the ongoing Covid-19 pandemic. In an attempt to contain the spread of the virus, a large number of companies around the world have switched to remote working. This has greatly expanded the attack surface and poses a major information security challenge for companies, which now need to establish strict rules and take several measures to ensure the continuity of the business and its IT systems.

However, the expanded attack surface is not the only cyber risk that has emerged in recent days: many cybercriminals are taking full advantage of this global uncertainty to run phishing campaigns, spread malware and threaten the information security of many companies.

An APT exploits the pandemic

At the end of last week, an Advanced Persistent Threat (APT) group called Vicious Panda was discovered running spear-phishing campaigns that use the coronavirus pandemic to spread its malware. The email told the recipient that it contained information about the coronavirus, but in fact it carried two malicious RTF (Rich Text Format) files. When the victim opened these files, a Remote Access Trojan (RAT) was launched which, among other things, could take screenshots, build a list of the files and directories on the victim's computer, and download files.

So far the campaign has targeted the Mongolian public sector and, according to some Western experts, represents the latest attack in an ongoing Chinese operation against governments and organisations around the world. What is unusual about the campaign this time is that it uses the new global coronavirus situation to infect its potential victims.

The phishing email appears to come from the Mongolian Ministry of Foreign Affairs and claims to contain information about the number of people infected with the virus. To weaponise this file, the attackers used RoyalRoad, a tool popular among Chinese threat actors that lets them build custom documents with embedded objects that exploit vulnerabilities in the Equation Editor integrated into MS Word for creating complex equations.

Persistence techniques

Once the victim has opened the malicious RTF files, Microsoft Word exploits the vulnerability to load a malicious file (intel.wll) into the Word startup folder (%APPDATA%\Microsoft\Word\STARTUP). This method not only makes the threat persistent, it also prevents the full infection chain from detonating when the sample runs in a sandbox, because Word has to be restarted before the malware fully launches.

The intel.wll file then loads a DLL that is used to download the malware and communicate with the attackers' command and control server. That command and control server is only online for a very limited period each day, which makes it difficult to analyse and reach the more complex parts of the infection chain.

Despite this, the researchers were able to determine that in the first stage of this chain, immediately after receiving the appropriate command, the RAT is loaded and decrypted, and the DLL is loaded into memory. The plugin-like architecture suggests that there are other modules in addition to the payload observed in this campaign.
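As an added example, not code from the article or from the campaign's tooling, the following Python triage script lists the add-ins and global templates that Word would auto-load from the STARTUP folder described above, together with their size and SHA-256 for comparison against threat intelligence. The demo folder, the file names and the file contents are constructed, and `build_demo_folder` is a hypothetical helper that exists only so the script runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Word loads add-in libraries (*.wll) and global templates (*.dot, *.dotm, *.dotx)
# from its STARTUP folder every time it launches, which is why a dropped
# intel.wll survives reboots and only fires once Word is restarted.
AUTO_LOADED = {".wll", ".dot", ".dotm", ".dotx"}


def default_startup_dir():
    """Resolve %APPDATA%\\Microsoft\\Word\\STARTUP (None when APPDATA is unset)."""
    appdata = os.environ.get("APPDATA")
    return Path(appdata) / "Microsoft" / "Word" / "STARTUP" if appdata else None


def sha256_file(path):
    """Hash a file in chunks so large add-ins need not fit in memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_word_startup(startup_dir=None):
    """Return one record per auto-loaded file in a Word STARTUP folder.

    An empty list means there is nothing to triage; any .wll in this folder
    deserves a second look, whether or not its hash is already known.
    """
    startup_dir = Path(startup_dir) if startup_dir else default_startup_dir()
    findings = []
    if startup_dir is None or not startup_dir.is_dir():
        return findings
    for entry in sorted(startup_dir.iterdir()):
        if entry.is_file() and entry.suffix.lower() in AUTO_LOADED:
            findings.append({"name": entry.name, "size": entry.stat().st_size,
                             "sha256": sha256_file(entry)})
    return findings


def build_demo_folder():
    """Hypothetical helper: a constructed STARTUP folder with a fake intel.wll."""
    folder = Path(tempfile.mkdtemp(prefix="word_startup_demo_"))
    (folder / "intel.wll").write_bytes(b"MZ constructed sample, not real malware")
    (folder / "readme.txt").write_text("benign note, never auto-loaded by Word")
    return folder


if __name__ == "__main__":
    for hit in scan_word_startup(build_demo_folder()):
        print(f"{hit['sha256']}  {hit['size']:>6}  {hit['name']}")
```

Run it without arguments on a Windows host (or point `scan_word_startup` at the STARTUP folder of a mounted image) to list what Word will load at its next start.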

Protective measures against the new APT

This malicious campaign uses several tricks to get into its victims' systems and then compromise their information security. Protecting yourself against campaigns like this requires a number of measures.

The first is the most important: employees must be careful and vigilant when handling email. Email is one of the main attack vectors, yet almost no company can do without it. If you receive an email from an unknown sender, it is better not to open it, and if you do open it, do not open any attachments or click on any links.

To compromise its victims' information security, this attack exploits a vulnerability in Word. Unpatched vulnerabilities are in fact behind the success of many cyberattacks and, combined with other security problems, can lead to major data breaches. This is why it is so important to apply the appropriate patch and close the vulnerability as quickly as possible.

To address these problems, there are solutions designed to identify, manage and install patches. Such a module automatically searches for the patches needed to keep the company's computers secure, prioritises the most urgent updates and schedules their installation. Information about patches that still need to be installed is reported to the administrator even when exploits and malware are detected.

The solution can start installing the required patches and updates immediately, or their installation can be scheduled from a web-based central management console, with unpatched computers isolated if necessary. In this way the administrator can manage patches and updates and keep the company running smoothly.

Unfortunately, the cyberattack discussed here will not be the last to take advantage of the current global coronavirus situation to put the information security of businesses at risk.

Source: www.habr.com
