ToddyCat¹¥»÷¼¼ÊõÉý¼¶ £¬¾«×¼ÇÔÈ¡ÆóÒµÓʼþ

°ä²¼¹¦·ò 2025-11-27

1. ToddyCat¹¥»÷¼¼ÊõÉý¼¶ £¬¾«×¼ÇÔÈ¡ÆóÒµÓʼþ


11ÔÂ25ÈÕ £¬ÍøÂ簲ȫ×êÑÐÏÔʾ £¬³ÛÃûÍþвÐÐΪÕßToddyCatÍÅ»ïÕýͨ¹ýÐÂÐ͹¥»÷¼¿Á©¶¨ÏòÇÔÈ¡ÆóÒµÓʼþÊý¾Ý¡£¸ÃÍÅ»ï×Ô2020ÄêÆð³ÖÐø»îÔ¾ £¬ÖØÒªÕë¶ÔÅ·ÖÞ¼°ÑÇÖÞ¶à¹ú×éÖ¯ÌáÒé¹¥»÷ £¬Æä¼¼Êõ¼¿Á©²»Ðݵü´úÉý¼¶¡£Ö÷Ìâ¹¥»÷Á´ÖÐ £¬ÍÅ»ïѡȡ¶¨Ô컯¹¤¾ßTCSectorCopy £¬Í¨¹ýC++¿ª·¢ÊµÏÖÈÆ¹ýOutlookÔËÐÐʱ½Ó¼ûÏÞ¶È £¬ÒÔÖ»¶Áģʽ¹ÒÔØ´ÅÅ̲¢°´ÉÈÇø°¤´Î¸´ÔìOSTÀëÏß´æ´¢Îļþ £¬½áºÏ¿ªÔ´¹¤¾ßXstReaderÌáÈ¡ÓʼþÄÚÈÝ¡£Õë¶ÔÔÆ·þÎñ³¡¾° £¬¹¥»÷ÕßÀûÓÿªÔ´C#¹¤¾ßSharpTokenFinder´ÓÄÚ´æÖÐץȡMicrosoft 365Ã÷ÎÄJWTÁîÅÆ £¬Óö°²È«Èí¼þÀ¹½ØÊ±Ôò¸ÄÓÃSysinternalsµÄProcDump¹¤¾ßÇ¿Ôìdump Outlook¹ý³ÌÄÚ´æ¡£ÔÚºáÏòÉøÈë½×¶Î £¬TomBerBil¹¤¾ßͨ¹ý´òË㹤×÷Ö´ÐÐPowerShellºÅÁî £¬ÀûÓÃSMBºÍ̸ËÑË÷Ô¶³ÌÖ÷»úä¯ÀÀÆ÷º¹Çà¼Í¼¡¢Cookie¼°Í´´¦¡£Ö»¹ÜÃô¸ÐÎļþÊÜDPAPI¼ÓÃÜ £¬µ«Ð°æTomBerBil¿É¸´ÔìÓû§¼ÓÃÜÃÜÔ¿Îļþ £¬½áºÏSID¼°ÃÜÂëÔÚ±¾µØÊµÏÖ½âÃÜ¡£


https://thehackernews.com/2025/11/toddycats-new-hacking-tools-steal.html


2. Î÷°àÑÀTravel Clubƽ̨ÔâEverestÀÕË÷Èí¼þ¹¥»÷


11ÔÂ25ÈÕ £¬ÔËÓªÎ÷°àÑÀ³ÛÃûͬÃËÖÒ³Ï¶ÈÆ½Ì¨Travel ClubµÄÎ÷°àÑÀº½¿ÕÀï³Ì¹«Ë¾£¨Air Miles Espa?a£©Ôâ·êEverestÀÕË÷Èí¼þÍŻ﹥»÷¡£ºÚ¿ÍÔÚ°µÍøÐ¹Â¼ûÅ»§°ä²¼Ô̺¬ÆëÈ«Óû§ÐÕÃû¡¢ÓÊÏä¼°Öҳ϶ȴòËãÊý¾ÝµÄCSVÎĵµ½ØÍ¼ £¬Ë乫˾ÉÐδ¹«¿ªÖ¤Êµ £¬µ«Æ¾¾Ý¸ÃÍŻʵÏÖÊý¾ÝÇÔÈ¡ºó¹«¿ªÊܺ¦»ú¹¹¡±µÄº¹Çà·¨¹æ £¬ÉêÃ÷¿ÉÐŶȽϸß¡£CybernewsÒÑÁªÏµÆ½Ì¨×·ÇóÖÃÆÀ £¬½«¸ú½øºóÐø»ØÓ¦¡£Travel ClubÔÚÎ÷°àÑÀÕ¼Óг¬600ÍòÓû§ £¬Óû§¿Éͨ¹ýÁãÊÛ¡¢º½¿Õ¡¢È¼Óͼ°ÔÚÏßÉ̼ҺÏ×÷ͬ°éÀÛ»ý»ý·Ö £¬ºÏ×÷·½º­¸ÇÀׯÕË÷¶ûÄÜÔ´¡¢EroskiÁãÊÛ¼¯ÍÅ¡¢ÒÁ±ÈÀûÑǺ½¿ÕµÈ´óÐÍÆ·ÅÆ £¬ÔÚÎ÷°àÑÀ¸æ°×¼°Öҳ϶ȼν±Éú̬ÖÐÕ¼¾ÝÖ÷Ìâְλ¡£Õâ´ÎÊý¾Ýй¶ӰÏìÔ¶³¬Í¨³£Ïû·ÑÕß²ãÃæ £¬¿ÉÄܲ¨¼°ËùÓÐÒÀÀµ¸Ãƽ̨·ÖÎöÊý¾ÝÓë½»²æÍƹãµÄÓªÏúºÏ×÷ͬ°é¡¢ÁãÊÛÁ¬Ëø¼°¸æ°×ÉÌ £¬Ðγɡ°Óû§-ÆóÒµ-Éú̬¡±Èý¼¶·çÏÕÁ´¡£


https://cybernews.com/security/travel-club-spain-everest-ransomware/


3. Money MartÔâEverestÀÕË÷Èí¼þ¹¥»÷


11ÔÂ26ÈÕ £¬EverestÀÕË÷Èí¼þ×éÖ¯¶Ô±±ÃÀ¡°µ±ÈÕ¡±½ðÈÚ·þÎñ¾ÞÍ·Money MartÌáÒé¹¥»÷ £¬Ð¹Â¶Ô̺¬¿Í»§ÂòÂô¼Í¼¡¢ÐÅÓþ¿¨¾ßÌåÐÅÏ¢¼°Ô±¹¤Ó×ÎÒÐÅÏ¢ÔÚÄÚµÄÃô¸ÐÊý¾Ý¡£¸ÃÍÅ»ïÔÚ°µÍøÐ¹Â¶ÍøÕ¾°ä²¼Ñù±¾ £¬Ðû³Æ´Ó¡°¹ú¶ÈÇ®±ÒÊг¡¹«Ë¾Êý¾Ý¿â¡±ÇÔÈ¡³¬8Íò·ÝÄÚ²¿Îļþ £¬²¢É趨11ÔÂ30ÈÕΪÁªÏµÆÚÏÞ £¬ÓâÆÚ½«¹«¿ªÊý¾ÝÖÁºÚ¿ÍÂÛ̳¡£Money Mart×÷Ϊ¼ÓÄôóMomentum Financial Services Group×Ó¹«Ë¾ £¬Õ¼ÓÐÃÀ¼ÓÔ¼400¼Ò·Öµê £¬Ìṩ·¢Ð½ÈÕ´û¿î¡¢Ö§Æ±¶ÒÏֵȷþÎñ £¬ÄêÊÕÈë´ï2400ÍòÃÀÔª¡£Ð¹Â¶Êý¾ÝÀàÐͶàÑù £¬Éæ¼°Ó×ÎÒÉí·ÝÐÅÏ¢¡¢²ÆÕþÊý¾Ý¡¢ÏµÍ³ÅäÖÃÎļþ¡¢Ô±¹¤Ãûµ¥µÈ¡£ÀýÈç £¬²ÆÕþÊý¾ÝÔ̺¬ÐÅÓþ¿¨16λÕ˺ÅÖеÄ10λ¼°ÐÅÓþ¶î¶È£»ÂòÂôÊý¾ÝÉæ¼°Ö§Æ±¶ÒÏÖÈÕÆÚ¡¢½ð¶î¼°ÊÚȨÂ룻Ա¹¤ÐÅÏ¢ÔòÔ̺¬¹¤×÷ÓÊÏä¡¢¾ÍÒ·úÊ·µÈ¡£´ËÀàÊý¾Ýй¶²»½öÍþвÓû§ÒþÖÔ £¬¸ü¿ÉÄÜÒý·¢Éç»á¹¤³Ìѧ¹¥»÷¼¤Ôö¡¢ÆóÒµÃæ¶Ô¼à¹ÜÉó²éÓëÃûÓþËðʧ¡£


https://cybernews.com/news/money-mart-breach-everest-ransomware-attack-consumer-financial-data-stolen/


4. Òâ´óÀûÒÕÊõÆ·Ó¡Ë¢·þÎñÉÌPixturaÔâÊý¾Ýй¶


11ÔÂ25ÈÕ £¬Òâ´óÀûÒÕÊõÆ·Ó¡Ë¢·þÎñÉÌPixturaÔâºÚ¿ÍÈëÇÖ £¬ºÚ¿ÍÔÚÊý¾Ýй¶ÂÛ̳Ðû³ÆÇÔÈ¡ÊýÇ§ÒøÐÐÕ˺ż°Éí·ÝÖ¤¼þ¡£CybernewsÍŶӷÖÎöÑù±¾ºóÈ·ÈÏ £¬Ð¹Â¶Êý¾ÝÔ̺¬Óû§µç×ÓÓʼþ¡¢¹þÏ£ÃÜÂ롢ȫÃû¡¢µç»°ºÅÂë¡¢IBAN¼°Éí·ÝÖ¤ºÅÂë £¬µ«µ¥±Ê¼Í¼²»¶¨Ô̺¬È«ÊýÐÅÏ¢¡£ÀýÈç £¬µç×ÓÓʼþµØÖ·ÊýÁ¿Ô¶¶àÓÚIBANºÅÂë £¬µ«ÍŶÓÒÔΪй¶µÄIDÓµÓнϸßÕæÊµÐÔ¡£¼¼Êõ·ÖÎöÏÔʾ £¬²¿ÃÅÃÜÂëѡȡ²»°²È«µÄMD5¹þÏ£Ëã·¨ £¬Ò×±»ÆÆ½â£»²¿ÃÅʹÓÃSHA-256 £¬Ëä½ÏMD5°²È«µ«ÈÔÒ×Êܱ©Á¦ÆÆ½â£»»¹Óв¿ÃÅѡȡ°²È«µÄBcryptËã·¨¡£IBANй¶Óû§Ãæ¶Ô¸ü¸ß·çÏÕ £¬¹¥»÷Õ߿ɼÙÒâÆäÊÕÊܽðÈÚÕË»§»òÖ´ÐнðÈÚÚ¿Æ­ £¬Ö»¹Ü´ËÀà²Ù×÷Ðè¶î±íÐÅÏ¢¼°ÖÂÁ¦¡£ÍŶÓδ·¢ÏÖÖ§¸¶¿¨ÐÅÏ¢ £¬´§Ä¦¹¥»÷ÕßÈëÇÖÁ˿ͻ§ÐÅÏ¢Êý¾Ý¿â¡£ÖµÍ×ÌùÐĵÄÊÇ £¬Õâ´ÎÊÂÎñ²úÉúÔÚ¡°ÐþÉ«ÐÇÆÚÎ塱ǰϦ¡£×îÐÂÊý¾ÝÏÔʾ £¬11ÔÂ1ÈÕÒÔ¡°ºÚÎ塱ΪÖ÷ÌâµÄ´¹µö¹¥»÷¼¤Ôö20±¶ £¬Õ¼¹Û²âÓʼþ×ÜÁ¿µÄ8%¡£


https://cybernews.com/security/fine-art-printing-breach-expose-users/


5. RomCom¶ñÒâÈí¼þ½èSocGholish¹¥»÷ÃÀÆó


11ÔÂ26ÈÕ £¬ÍøÂ簲ȫ¹«Ë¾Arctic Wolf LabsÅû¶ £¬ÃûΪRomComµÄ¶ñÒâÈí¼þ¼Ò×åͨ¹ýSocGholish JavaScript¼ÓÔØÆ÷¶ÔÃÀ¹úÒ»¼ÒÍÁľ¹¤³Ì¹«Ë¾ÌáÒé¹¥»÷ £¬Ö¼ÔÚ·Ö·¢Mythic Agent¶ñÒâÈí¼þ¡£ÕâÊdzõ´Î¹Û²ìµ½RomComÓÐÐ§ÔØºÉͨ¹ýSocGholish½øÐзַ¢¡£¸Ã¹¥»÷±»ÖиßÏàÐŶȹéÒòÓÚ¶íÂÞ˹Áª¹úÎä×°Á¦Á¿×ÜÕÕ·÷²¿×ܾ֣¨GRU£©ÏÂÊôµÄ29155¶ÓÁС£ÖµÍ×ÌùÐĵÄÊÇ £¬Êܹ¥»÷ʵÌå´ÓÇ°ÔøÎªÓëÎÚ¿ËÀ¼ÁªÏµÇ×êǵijÇÊÐÌṩ·þÎñ¡£SocGholish×÷Ϊ³õʼ½Ó¼ûÖнé £¬ÔÊÐíÆäËûÍþвÐÐΪÕß·Ö·¢¸÷ÀàÓÐÐ§ÔØºÉ¡£Æä¹¥»÷Á´Í¨³£Í¨¹ýÈëÇֺϷ¨ÍøÕ¾ÍÆËÍÐéαä¯ÀÀÆ÷¸üÐÂÌáÐÑ £¬ÓÕÆ­Óû§ÏÂÔØ¶ñÒâJavaScript¾ç±¾ £¬½ø¶ø×°ÖüÓÔØÆ÷²¢»ñÈ¡¸ü¶à¶ñÒâÈí¼þ¡£Õâ´Î¹¥»÷ÖÐ £¬Ðéα¸üÐÂÓÐÐ§ÔØºÉʹÍþвÐÐΪÕß¿ÉÄܳÉÁ¢·´Ïòshell £¬ÔÚÊÜϰȾÖ÷»úÉÏÖ´ÐпúËŻ¼°²¿Êð¶¨ÔìPythonºóÃÅVIPERTUNNEL¡£Í¬Ê± £¬¹¥»÷Õß»¹·Ö·¢ÁËÓëRomComÓйصÄDLL¼ÓÔØÆ÷ £¬ÓÃÓÚÆô¶¯¿çƽ̨ºóÉøÈë¿ò¼ÜÖ÷Ìâ×é¼þMythic Agent £¬¸Ã×é¼þÖ§³ÖºÅÁîÖ´ÐÓ×¢Îļþ²Ù×÷µÈÖ°ÄÜ¡£


https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html


6. Â׶ضà¸öÊÐÕþίԱ»áµÄITϵͳÒòÍøÂç¹¥»÷¶øÖжÏ


11ÔÂ26ÈÕ £¬½üÈÕ £¬Â×¶Ø¿ÏÐÁ¶ÙºÍÇжûÎ÷»Ê¼Ò×ÔÖÎÊУ¨RBKC£©¡¢Íþ˹ÃôË¹ÌØÊÐÒé»á£¨WCC£©¼°Â׶عþĬʷŮʿºÍ¸»ÀÕÄ·Çø£¨LBHF£©Òò¹²Ïí²¿ÃÅIT»ù´¡ÉèÊ© £¬Í¬Ê±Ôâ·êÍøÂ簲ȫ¹¥»÷µ¼Ö·þÎñÖжÏ¡£°²È«×¨¼Ò¿­ÎÄ¡¤²©ÃÉÌØ´§Ä¦´ËΪÀÕË÷Èí¼þ¹¥»÷ £¬µ«½ØÖÁ·¢¸åÎÞ×éÖ¯¹«¿ªÈÏÔð¡£¹¥»÷²¨¼°¶à¸öϵͳ £¬Ô̺¬µç»°Ïß·¡¢ÔÚÏß·þÎñ¼°ÁªÏµÖÐÐÄ £¬Èý¼Ò»ú¹¹ÒÑÆô¶¯Ó¦¼±Ô¤°¸ £¬¹Ø¹Ø²¿ÃÅÍÆËã»úϵͳÒÔ×è¶Ï½øÒ»²½ÇÖº¦ £¬²¢²ÉÈ¡¡°¼ÓÇ¿´ëÊ©¡±¸ôÀë±£»¤ÍøÂç¡£WCC×÷ΪӢ¹úÖØÒª´¦Ëùµ±¾Ö £¬Ï½ÇøÄÚÓÐÍþ˹ÃôË¹ÌØ¹¬¡¢°×½ðºº¹¬µÈ³Á¸¹µØ±ê£»RBKCËäΪÂ×¶ØÃæ»ýºÍÈ˶¡×îÓ×µÄÐÐÕþÇøÖ®Ò» £¬È´Õ¼ÓÐÓ¢¹ú×î¸ßÈ˾ùGDP£»LBHFÔò·þÎñ18Íò¾ÓÃñ¡£RBKC×òÈÕ²¼¸æ³Æ¾ÓÃñÎÞ·¨Í¨¹ýÔÚÏß·þÎñ»òÁªÏµÖÐÐÄÁªÏµ £¬WCCÒà֤ʵÊÜÍ³Ò»ÍøÂ簲ȫÎÊÌâÓ°Ïì¡£Èý¼Ò»ú¹¹ÔÚÍøÂ簲ȫר¼Ò¼°¹ú¶ÈÍøÂ簲ȫÖÐÐÄЭÖúÏ £¬Õý³Áµã±£»¤ÏµÍ³ºÍÊý¾Ý¡¢¸´Ô­ÏµÍ³¼°ÊØ»¤¹Ø¼ü·þÎñ¡£µ÷²éÈÔÔÚ½øÐÐÖÐ £¬»ú¹¹ÕýºË²éÊÇ·ñ´æÔÚÊý¾Ýй¶ £¬²¢ÒѰ´·¨Ê½Í¨ÖªÓ¢¹úÐÅϢרԱ°ì¹«ÊÒ£¨ICO£©¡£


https://www.bleepingcomputer.com/news/security/multiple-london-councils-it-systems-disrupted-by-cyberattack/