Leak of customer data from the re:Store, Samsung, Sony Centre, Nike, LEGO and Street Beat stores

Last week Kommersant reported that "the customer databases of Street Beat and Sony Centre were in the public domain", but in reality everything is much worse than what the article describes.


I have already published a detailed technical analysis of this leak on the Telegram channel, so here we will only go over the main points.

Disclaimer: all information below is published for educational purposes only. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

One Elasticsearch server with the following indices was freely accessible:

  • graylog2_0
  • readme
  • unauth_text
  • http:
  • graylog2_1

The graylog2_0 index contains logs from 16.11.2018 to March 2019, and graylog2_1 contains logs from March 2019 to 04.06.2019. Until access to the Elasticsearch server was closed, the number of records in graylog2_1 kept growing.

According to the Shodan search engine, this Elasticsearch server had been freely accessible since 12.11.2018 (as noted above, the first log entries are dated 16.11.2018).

In the logs, the gl2_remote_ip field contains the IP addresses 185.156.178.58 and 185.156.178.62, which have the DNS names srv2.inventive.ru and srv3.inventive.ru.


I notified Inventive Retail Group (www.inventive.ru) of the problem on 04.06.2019 at 18:25 (Moscow time), and at 22:30 the server "quietly" disappeared from public access.

The logs contained (all figures are estimates; duplicates were not removed when counting, so the amount of actually leaked information is probably smaller):

  • more than 3 million e-mail addresses of customers of the re:Store, Samsung, Street Beat and Lego stores
  • more than 7 million phone numbers of customers of the re:Store, Sony, Nike, Street Beat and Lego stores
  • more than 21 thousand login/password pairs from the personal accounts of customers of the Sony and Street Beat stores
  • many records with phone numbers and e-mail addresses also contained full names (usually in Latin script) and loyalty card numbers.

An example from a log entry related to a Nike store customer (all sensitive data has been replaced with "X" characters):

"message": "{"MESSAGE":"[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Array\n(\n    [contact[phone]] => +7985026XXXX\n    [contact[email]] => [email protected]\n    [contact[channel]] => \n    [contact[subscription]] => 0\n)\n[ДАННЫЕ  GET] Array\n(\n    [digital_id] => 27008290\n    [brand] => NIKE\n)\n[ОТВЕТ СЕРВЕРА] Код ответа - 200[ОТВЕТ СЕРВЕРА] stdClass Object\n(\n    [result] => success\n    [contact] => stdClass Object\n        (\n            [phone] => +7985026XXXX\n            [email] => [email protected]\n            [channel] => 0\n            [subscription] => 0\n        )\n\n)\n","DATE":"31.03.2019 12:52:51"}",

And here is an example of how logins and passwords for customers' personal accounts on the websites sc-store.ru and street-beat.ru were stored:

"message":"{"MESSAGE":"[URI]/action.php?a=login&sessid=93164e2632d9bd47baa4e51d23ac0260&login=XXX%40gmail.com&password=XXX&remember=Y[МЕТОД ЗАПРОСА] personal[ДАННЫЕ  GET] Array\n(\n    [digital_id] => 26725117\n    [brand]=> SONY\n)\n[ОТВЕТ СЕРВЕРА] Код ответа - [ОТВЕТ СЕРВЕРА] ","DATE":"22.04.2019 21:29:09"}"
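Both log entries above show the same two mistakes: the application accepts the login, password and session id as GET parameters, so they end up in the request URI, and it then writes the full URI and the full POST/response payload to Graylog. The fix on the application side is to stop sending credentials in the query string and to stop logging request and response bodies for authenticated endpoints at all. What follows is an added Python example, not code from the article or from IRG: a log sanitiser of the kind that belongs in front of the log shipper, which strips secret parameters from the logged URI, masks e-mail addresses and phone numbers wherever they appear in the text, and reports which secret parameters a given archived line carries (the check an incident responder would run over the dump to find the login/password pairs). The two sample lines are constructed to mirror the article's entries; the session id, e-mail, password and phone number in them are made up, and the parameter names other than `password` and `sessid` are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters whose values must never reach a log line. "password" and
# "sessid" appear in the article's log sample; the other names are assumptions.
SECRET_PARAMS = {"password", "passwd", "pwd", "sessid", "token", "auth"}

# Parameters that carry personal data: kept in masked form so the line stays
# usable for debugging without exposing the customer.
PII_PARAMS = {"login", "email", "phone"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?7\d{10}\b")                  # Russian numbers, as in the samples
URI_RE = re.compile(r"(\[URI\]\s*)(\S+?)(?=\[|\s|$)")   # the "[URI] <path>" label the app writes


def mask_email(addr):
    """user@example.com -> u***@example.com (domain kept for troubleshooting)."""
    local, domain = addr.split("@", 1)
    return local[:1] + "***@" + domain


def mask_phone(number):
    """+79850261234 -> +7985******* (country and area code kept)."""
    return number[:5] + "*" * (len(number) - 5)


def redact_query(uri):
    """Drop secrets and mask PII in the query string of a logged URI."""
    parts = urlsplit(uri)
    cleaned = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        name = key.lower()
        if name in SECRET_PARAMS:
            value = "[REDACTED]"
        elif name in PII_PARAMS:
            value = mask_email(value) if "@" in value else value[:1] + "***"
        cleaned.append((key, value))
    # safe= keeps the mask characters readable instead of percent-encoding them
    return urlunsplit(parts._replace(query=urlencode(cleaned, safe="[]*@+")))


def sanitize_log_message(message):
    """Return the log text with credentials removed and PII masked, structure intact.

    Only the "[URI] <path>" label is parsed as a URL; e-mail addresses and
    phone numbers are masked wherever they occur (POST data, response body).
    """
    message = URI_RE.sub(lambda m: m.group(1) + redact_query(m.group(2)), message)
    message = EMAIL_RE.sub(lambda m: mask_email(m.group(0)), message)
    return PHONE_RE.sub(lambda m: mask_phone(m.group(0)), message)


def credential_params_in_uri(message):
    """Names of secret parameters found in the logged URI; empty list if none."""
    m = URI_RE.search(message)
    if not m:
        return []
    query = urlsplit(m.group(2)).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SECRET_PARAMS]


# Constructed samples modelled on the two log entries quoted in the article;
# the session id, e-mail address, password and phone number are made up.
SAMPLE_LOGIN_LINE = (
    "[URI]/action.php?a=login&sessid=93164e2632d9bd47baa4e51d23ac0260"
    "&login=user%40gmail.com&password=hunter2&remember=Y"
    "[МЕТОД ЗАПРОСА] personal[ДАННЫЕ GET] Array\n(\n"
    "    [digital_id] => 26725117\n    [brand]=> SONY\n)\n"
)
SAMPLE_PROFILE_LINE = (
    "[URI] /personal/profile/[МЕТОД ЗАПРОСА] contact[ДАННЫЕ POST] Array\n(\n"
    "    [contact[phone]] => +79850261234\n    [contact[email]] => user@example.com\n)\n"
    "[ДАННЫЕ GET] Array\n(\n    [digital_id] => 27008290\n    [brand] => NIKE\n)\n"
)

if __name__ == "__main__":
    for line in (SAMPLE_LOGIN_LINE, SAMPLE_PROFILE_LINE):
        print("secret parameters in URI:", credential_params_in_uri(line))
        print(sanitize_log_message(line))
```

The sanitiser keeps `digital_id`, `brand` and the request structure, so the line is still useful for debugging, while the password and the session id (which on its own allows account takeover for as long as the session lives) never reach the index. Note that this is damage limitation: once a log line with a password has been written to an open Elasticsearch, no later filtering helps, which is why the real fix is in the application and in putting the cluster behind authentication.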

IRG's official statement on the incident can be read here; a quote from it:

We could not ignore this point and changed the passwords of customers' personal accounts to temporary ones in order to prevent possible use of data from personal accounts for fraudulent purposes. The company does not confirm a leak of the personal data of street-beat.ru customers. All Inventive Retail Group projects were also checked. No threats to customers' personal data were found.

It is bad that IRG cannot determine what leaked and what did not. Here is an example from a log entry related to a Street Beat store customer:

"message": "{"MESSAGE":"'DATA' => ['URI' => /local/components/multisite/order/ajax.php,'МЕТОД ЗАПРОСА' = contact,'ДАННЫЕ POST' = Array\n(\n    [contact[phone]] => 7915545XXXX\n)\n,'ДАННЫЕ  GET' =\n\t\tArray\n(\n    [digital_id] => 27016686\n    [brand] => STREETBEAT\n)\n,'ОТВЕТ СЕРВЕРА' = 'Код ответа - '200,'RESPONCE' = stdClass Object\n(\n    [result] => success\n    [contact] => stdClass Object\n        (\n            [phone] => +7915545XXXX\n            [email] => [email protected]","Дата":"01.04.2019 08:33:48"}",

But let's move on to the really bad news and explain why this is a leak of the personal data of IRG's customers.

If you look closely at the indices of this freely accessible Elasticsearch server, you will notice two names among them: readme and unauth_text. This is the characteristic signature of one of the many Elasticsearch ransomware scripts. It has hit more than 4 thousand Elasticsearch servers worldwide. The contents of readme look like this:

"ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS 14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"

While the server with IRG's logs was freely accessible, the ransomware script gained access to the customer information and, judging by the message it left, the data was downloaded.
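The index list at the top of the article and the marker indices discussed here are the two things a responder looks at first when an open cluster turns up. As an added example (Python written for this page, not code from the article or from any of the companies involved), the following triage helper takes the `_cat/indices?format=json` listing of an unauthenticated cluster, flags the ransom-script marker indices, separates the Graylog message indices that actually hold the customer data and sums their document counts as the upper bound of what could have been pulled, and extracts the Bitcoin address from the note stored in the marker index. Both API responses are constructed samples: the index names and the note text are the ones given in the article, the document counts and sizes are made up.

```python
import json
import re

# Index names the Elasticsearch ransom scripts described in the article
# leave behind. Both are taken from the article; nothing else is assumed here.
RANSOM_MARKER_INDICES = {"readme", "unauth_text"}

# Graylog names its message indices <prefix>_<number>: graylog2_0, graylog2_1, ...
GRAYLOG_INDEX_RE = re.compile(r"^[a-z0-9]+_\d+$")

# Legacy-format Bitcoin address (P2PKH/P2SH), the kind quoted in the article's note.
BTC_ADDR_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def triage_indices(cat_indices_json):
    """Classify an unauthenticated GET /_cat/indices?format=json response.

    Returns the ransom-marker indices found, the Graylog log indices (the part
    that actually holds customer data) and their total document count, which
    is the upper bound of what an attacker could have pulled.
    """
    entries = json.loads(cat_indices_json)
    markers = sorted(e["index"] for e in entries
                     if e["index"].lower() in RANSOM_MARKER_INDICES)
    log_indices = [e for e in entries if GRAYLOG_INDEX_RE.match(e["index"])]
    return {
        "ransomed": bool(markers),
        "marker_indices": markers,
        "log_indices": [e["index"] for e in log_indices],
        # _cat returns numbers as strings; an index may also report no count at all
        "exposed_docs": sum(int(e.get("docs.count") or 0) for e in log_indices),
    }


def extract_ransom_addresses(search_response_json):
    """Pull Bitcoin addresses out of the documents returned by a _search on the
    marker index; these are the indicators worth correlating with other victims."""
    hits = json.loads(search_response_json)["hits"]["hits"]
    text = " ".join(json.dumps(h.get("_source", {}), ensure_ascii=False) for h in hits)
    return sorted(set(BTC_ADDR_RE.findall(text)))


# Constructed sample in the shape of _cat/indices?format=json. The index names
# are the ones listed in the article; document counts and sizes are made up.
SAMPLE_CAT_INDICES = json.dumps([
    {"index": "graylog2_0", "docs.count": "1803442", "store.size": "2.1gb"},
    {"index": "readme", "docs.count": "1", "store.size": "4.1kb"},
    {"index": "unauth_text", "docs.count": "1", "store.size": "4.1kb"},
    {"index": "http:", "docs.count": "0", "store.size": "230b"},
    {"index": "graylog2_1", "docs.count": "940112", "store.size": "1.3gb"},
])

# Constructed sample of GET /readme/_search carrying the note quoted in the article.
SAMPLE_README_SEARCH = json.dumps({"hits": {"hits": [{
    "_index": "readme", "_id": "1",
    "_source": {"message": "ALL YOUR INDEX AND ELASTICSEARCH DATA HAVE BEEN BACKED UP "
                           "AT OUR SERVERS, TO RESTORE SEND 0.1 BTC TO THIS BITCOIN ADDRESS "
                           "14ARsVT9vbK4uJzi78cSWh1NKyiA2fFJf3 THEN SEND AN EMAIL WITH YOUR "
                           "SERVER IP, DO NOT WORRY, WE CAN NEGOCIATE IF CAN NOT PAY"}}]}})

if __name__ == "__main__":
    print(triage_indices(SAMPLE_CAT_INDICES))
    print(extract_ransom_addresses(SAMPLE_README_SEARCH))
```

In practice the listing comes from `http://<host>:9200/_cat/indices?format=json` requested without any credentials; a 200 reply with index names is by itself the finding. When the marker indices are present alongside intact data indices, as here, the script did not wipe anything, which is exactly why the exposure is easy to miss from the inside: the cluster keeps working, and only the two extra indices betray that an automated third party has already been through it. That is the distinction the article draws between "the data was reachable" and "the data was taken".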

Moreover, I have no doubt that this database was found before me and had already been downloaded. I would even say I am certain of it. It is no secret that such open databases are deliberately hunted for and pulled.

News about information leaks and insiders can always be found on my Telegram channel "Information leaks": https://t.me/dataleak.

Source: www.habr.com
