Ó¢¹úÓÊÕþ¹«Ë¾Royal Mailй©ÆäÔâµ½LockBitÀÕË÷¹¥»÷

°ä²¼¹¦·ò 2023-01-13
1¡¢Ó¢¹úÓÊÕþ¹«Ë¾Royal Mailй©ÆäÔâµ½LockBitÀÕË÷¹¥»÷

      

¾ÝýÌå1ÔÂ12ÈÕ±¨Â· £¬Ó¢¹ú×î´óµÄÓÊÕþ·þÎñRoyal MailÔâµ½ÓëLockBitÀÕË÷Èí¼þÓйصĹ¥»÷ ¡£1ÔÂ11ÈÕ £¬Royal Mailй©³ÆÆäÔâµ½ÁËÍøÂç¹¥»÷ £¬¹ú¼Êº½ÔË·þÎñÊܵ½ÁËÓ°Ïì ¡£¹ÌÈ»¸Ã¹«Ë¾²¢Î´Ð¹Â©¹ØÓÚ¹¥»÷µÄÈκÎϸ½Ú £¬µ«¡¶ÖðÈÕµçѶ±¨¡·ÔÚ1ÔÂ12ÈÕ±¨Â·³Æ £¬Ä¿Ç°ÒÑÈ·ÈϹ¥»÷À´×ÔLockBit £¬»òÕßÓй¥»÷ÕßʹÓÃÁËËûÃǵļÓÃÜ·¨Ê½ ¡£¹¥»÷»î¶¯¼ÓÃÜÁ˹ú¼ÊÔËÊäµÄÉ豸 £¬²¢ÔÚÓÃÓÚº£¹ØµÇ¼ÇµÄ´òÓ¡»úÉÏ´òÓ¡Êê½ð¼Í¼ ¡£


https://www.bleepingcomputer.com/news/security/royal-mail-cyberattack-linked-to-lockbit-ransomware-operation/


2¡¢Vice SocietyÐû³Æ¶Ô°Ä´óÀûÑÇÏû·À¶ÓÔâµ½µÄ¹¥»÷ÕÆ¹Ü

      

ýÌå1ÔÂ12ÈÕ³Æ £¬ÀÕË÷ÍÅ»ïVice SocietyÐû³Æ¶Ô°Ä´óÀûÑÇÏû·À¶Ó(FRVP)Ôâµ½µÄ¹¥»÷ÕÆ¹Ü ¡£¹¥»÷²úÉúÔÚ2022Äê12ÔÂ15ÈÕ £¬Ôì³ÉÁË¿í·ºÇÒ³ÖÐøµÄIT·þÎñÖжÏ £¬µ«²¢Î´Ó°Ïì¸Ã»ú¹¹µÄÓ¦¼±ÏìÓ¦·þÎñ ¡£´Ë±í £¬FRV°µÊ¾ºÚ¿Í»¹ÇÔÈ¡ÁËÆäÍÆËã»úÖеÄÊý¾Ý £¬Ô̺¬Ô±¹¤¡¢³Ð°üÉÌ¡¢½èµ÷ÈËÔ±ºÍÇóÖ°ÕßµÄÐÅÏ¢ ¡£1ÔÂ10ÈÕ £¬Vice SocietyÔÚÆäÍøÕ¾ÁгöÁËFRV £¬»¹°ä²¼ÁËÖ¸Ïò±»µÁÊý¾ÝµÄÁ´½Ó £¬µ«¸ÃÁ´½ÓĿǰÊÇÎÞЧµÄ ¡£×î½ü £¬¹¥»÷ÕßÒѸÄÓÃÒ»ÖÖеÄ×Ô½ç˵¼ÓÃÜÆ÷PolyVice ¡£


https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-australian-firefighting-service/


3¡¢GootloaderÀûÓÃVLCµÈ¹¤¾ß¹¥»÷°Ä´óÀûÑÇÒ½ÁƱ£½¡ÐÐÒµ

      

Trend MicroÔÚ1ÔÂ9ÈÕÅû¶Á˶ñÒâÈí¼þGootkit Loader£¨±ðÃû Gootloader£©Õë¶Ô°Ä´óÀûÑÇÒ½ÁƱ£½¡ÐÐÒµµÄ»î¶¯ ¡£¹¥»÷ʼÓÚ2022Äê10Ô £¬ÀûÓÃÁËSEOÖж¾½øÐгõʼ½Ó¼û²¢ÀÄÓÃVLCýÌå²¥·ÅÆ÷µÈºÏ·¨¹¤¾ß ¡£×êÑÐÈËÔ±·¢ÏÖµÄÑù±¾ÀûÓÃÁ˹ؼü´ÊÒ½Ôº¡¢½¡È«¡¢Ò½ÁÆºÍÆóÒµºÍ̸ £¬²¢Óë°Ä´óÀûÑdzÇÊÐÃû³ÆÅä¶Ô ¡£¸Ã»î¶¯Ö¼ÔÚÔÚÖ¸±êÉ豸ÉÏ×°ÖÃCobalt Strike¿ª·¢¹¤¾ß°ü £¬ÒÔ±ã½øÈëÆóÒµÍøÂç ¡£


https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html


4¡¢×êÑÐÈËÔ±Åû¶Scattered SpiderÈÆ¹ý°²È«¼ì²âµÄ²½Öè

      

¾Ý1ÔÂ10ÈÕ±¨Â· £¬Scattered SpiderÊÔͼÔÚBYOVD¹¥»÷ÖÐ×°ÖÃÓ¢ÌØ¶ûÒÔÌ«ÍøÕï¶ÏÇý¶¯·¨Ê½ £¬À´ÈƹýEDR°²È«²úÆ·µÄ¼ì²â ¡£CrowdStrike»ã±¨³Æ £¬¸ÃÍŻﳢÊÔÀûÓÃÓ¢ÌØ¶ûÒÔÌ«ÍøÕï¶ÏÇý¶¯·¨Ê½ÖеÄÒ»¸ö¸ßΣ·ì϶£¨CVE-2015-2291£© £¬Ëü¿Éͨ¹ýÌØÔìŲÓÃÒÔÄÚºËȨÏÞÖ´ÐÐËÁÒâ´úÂë ¡£Ö»¹ÜËüÒÑÓÚ2015Ä꽨¸´ £¬µ«Í¨¹ýÔÚÖ¸±êÉ豸ÖÐÖ²Èë¾É°æ±¾ £¬ÎÞÂÛÖ¸±êÀûÓÃÁËʲô¸üй¥»÷Õß¶¼Äܹ»ÀûÓø÷ì϶ ¡£¹¥»÷ÕßʹÓõÄÇý¶¯·¨Ê½ÊÇÓÉ´ÓNVIDIAºÍGlobal Software LLCµÈÊðÃû»ú¹¹ÇÔÈ¡µÄÖ¤Êé½øÐÐÊðÃû £¬Òò¶øWindows²»»á×èÖ¹Ëü ¡£


https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/


5¡¢±£ÏÕ¹«Ë¾AflacÈÕ±¾·Ö¹«Ë¾³ÆÆä100¶àÍò¿Í»§µÄÐÅϢй¶

      

ýÌå1ÔÂ11ÈÕ±¨Â·³Æ £¬±£ÏÕ¹«Ë¾AflacÈÕ±¾·Ö¹«Ë¾Ð¹Â©Æä100¶àÍò¿Í»§µÄÐÅϢй¶ ¡£1ÔÂ9ÈÕ £¬¸Ã¹«Ë¾»ñϤÆä¿Í»§µÄÐÅÏ¢±»°ä²¼ÔÚÒ»¸öÐÅÏ¢Ð¹Â¶ÍøÕ¾ÉÏ £¬¾­È·ÈÏÊý¾ÝÀ´×ÔÆäµÚÈý·½·þÎñÌṩÉÌ ¡£¸ÃÊÂÎñÓ°ÏìÁ˶©¹ºÓë°©Ö¢Óйصı£ÏÕµÄ1323468¸ö¿Í»§ £¬Êý¾Ý×ÜÊýΪ3158199Ìõ £¬Éæ¼°ÐÕÃû¡¢´ºÇï¡¢ÐԱ𡢱£µ¥ºÅÂë¡¢±£ÏÕ½ð¶îºÍ±£ÏÕ·ÑµÈ ¡£Óë´Ëͬʱ £¬ÈðÊ¿±£ÏÕ¹«Ë¾ËÕÀèÊÀÒ²ÈÏ¿ÉÆä³¬¹ý200ÍòÈÕ±¾¿Í»§µÄÊý¾ÝÒѾ­Ð¹Â¶ ¡£


https://www.theregister.com/2023/01/11/japan_aflac_zurich_data_breaches/


6¡¢Avast°ä²¼¹ØÓÚNeedleDropperµÄ¼¼Êõ·ÖÎö»ã±¨

      

1ÔÂ11ÈÕ £¬Avast°ä²¼Á˹ØÓÚNeedleDropperµÄ¼¼Êõ·ÖÎö»ã±¨ ¡£NeedleDropper²»½öÊÇÒ»¸öµ¥Ò»µÄ¿ÉÖ´ÐÐÎļþ £¬ËüЯ´ø¶à¸öÎļþ £¬ÕâЩÎļþһ·´´½¨¶ñÒâµÄÖ´ÐÐ £¬ÌáÈ¡ÎļþÒÔ½âÃܺÍ×¢Èë¶ñÒâ´úÂë ¡£¸Ã¶ñÒâÈí¼þͨ¹ý¶È·¢¶à¸öδʹÓõÄÎÞЧÎļþÀ´°µ²Ø×Ô¼º £¬²¢½«³ÁÒªÊý¾Ý´æ´¢ÔÚÊýMB²»³ÁÒªµÄÊý¾ÝÖ®¼ä £¬»¹ÀûÓúϷ¨ÀûÓÃÀ´Ö´ÐÐ ¡£NeedleDropperËÆºõÊÇÒ»¸öеĶñÒâÈí¼þϵÁÐ £¬Ê¹Óá°-as-a-service¡±µÄóÒ×ģʽ £¬ÔÚºÚ¿ÍÂÛ̳ÉÏÏúÊÛ¸øÆäËü¹¥»÷Õß £¬ÒÔ°µ²Ø×îÖÕµÄpayload ¡£Avast³Æ £¬½ØÖÁĿǰËüÒÑ×èÖ¹Á˳¬¹ý30000´Î´ËÀ๥»÷³¢ÊÔ ¡£


https://decoded.avast.io/threatresearch/needledropper/