Chinese hackers bypass two-factor authentication, but this is not certain. What follows are the assumptions of the Dutch cybersecurity company Fox-IT. They suggest, although there is no direct evidence, that a hacker group called APT20 works for the Chinese government.

The hacking activity attributed to the APT20 group was first discovered in 2011. The group dropped off experts' radar in 2016–2017, and only recently did Fox-IT find traces of an APT20 intrusion in the network of one of its customers, which had requested an investigation into a cybersecurity breach.
According to Fox-IT, over the past two years the APT20 group has been breaking into and accessing data from government organizations, large companies, and service providers in the United States, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom and Brazil. APT20 hackers have also been active in sectors such as aviation, healthcare, finance, insurance, energy, and even gambling and electronic locks.
APT20 hackers typically exploit vulnerabilities in web servers, particularly the JBoss enterprise application platform, to gain access to victims' systems. After gaining access and installing shells, the hackers moved through the victims' networks to every system they could reach. The accounts they obtained allowed the attackers to steal data using standard tools, without installing malware. But the most troubling aspect is that the APT20 group reportedly managed to bypass two-factor authentication using tokens.

The researchers say they found evidence that the hackers connected to VPN accounts protected by two-factor authentication. Fox-IT's experts can only speculate about how this happened. The most likely explanation is that the hackers stole an RSA SecurID software token from a compromised system. Using the stolen software, the criminals could generate one-time codes to get past two-factor authentication.
Under normal circumstances, this is impossible. A software token will not work without a hardware token connected to the local system. Without it, the RSA SecurID program returns an error. A software token is created for a specific system, and with access to the victim's hardware, a specific number can be obtained to start the software token.

Fox-IT's experts say that access to the victim's computer and hardware token is not required to start a (stolen) software token. The entire initial verification process is performed only when the initialization vector is imported: a random 128-bit number that corresponds to a specific token. This number is unrelated to the seed, which is used to generate the actual software token. If the SecurID token seed check can be bypassed in some way (patched), then nothing prevents the subsequent generation of two-factor authentication codes. Fox-IT says that bypassing the check can be achieved by changing just one instruction. After this, the victim's system is fully and legitimately accessible to the attacker, without the need for special tools or shells.
Source: 3dnews.ru
