ÈðµäOutpost24¹«Ë¾¸ß¹ÜÔâKratos´¹µö¹¥»÷

°ä²¼¹¦·ò 2026-03-18

1. ÈðµäOutpost24¹«Ë¾¸ß¹ÜÔâKratos´¹µö¹¥»÷


3ÔÂ16ÈÕ £¬Èðµä¶³öÖÎÀíÓëÉí·Ý°²È«¹«Ë¾Outpost24µÄ×Ó¹«Ë¾Specops Software½üÈÕÅû¶ £¬¸Ã¹«Ë¾Ò»ÃûC¼¶¸ß¹Ü³ÉΪ¸´ÔÓ´¹µö¹¥»÷µÄÖ¸±ê¡£Õâ´Î¹¥»÷¿ÉÄÜʹÓÃÁËÃûΪKratosµÄ´¹µö¼´·þÎñ¹¤¾ß°ü £¬Ñ¡È¡Æß²½¹¥»÷Á´ £¬ÀûÓ÷ֲã»ù´¡ÉèÊ©ºÍºÏ·¨·þÎñ¶ã±Ü¼ì²â¡£¹¥»÷Õß¼ÙÒâ½ðÈÚ·þÎñÌṩÉÌJP Morgan £¬½«´¹µöÓʼþ¼Ù×°³ÉÏÖÓÐÓʼþÏ̵߳ÄÒ»²¿ÃÅ £¬Ô¼ÇëÊÕ¼þÈ˲鿴²¢Ç©ÊðÎļþ¡£¹¥»÷ÕßʹÓÃÁ½¸öDomainKeys Identified Mail(DKIM) ÊðÃûÈ·±£Óʼþͨ¹ýDMARCÑéÖ¤ £¬Ôö³¤¿ÉÐŶÈ¡£ÓʼþÖÐÔ̺¬Ö¸ÏòCiscoºÏ·¨ÓòÃûsecure-web.cisco.comµÄ"²é¿´Îļþ"Á´½Ó £¬¸ÃÓòÃûͨ³£ÓÃÓÚCiscoÑéÖ¤ºó³ÁдÓʼþURL¡£¹¥»÷Á´ÏÂÒ»²½Éæ¼°³Á¶¨ÏòÖÁºÏ·¨ÓʼþAPIƽ̨Nylas £¬È·±£´¹µöÁ´½Óͨ¹ýCisco Secure Web»ù´¡ÉèÊ©³Á¶¨Ïò¡£ËæºóÖ¸±ê±»³Á¶¨ÏòÖÁÒ»¼ÒÓ¡¶È¿ª·¢¹«Ë¾ÍøÕ¾µÄ×ÓÓòÃû £¬ÔÙÌø×ªÖÁÒ»¸ö×î³õÓÉÖйúʵÌåÓÚ2017Äê×¢²áµÄÓòÃû¡£Óû§×îÖÕ±»³Á¶¨ÏòÖÁ²¿ÊðÔÚCloudflareºó·½µÄ´¹µö»ù´¡ÉèÊ© £¬°µ²ØÔ´·þÎñÆ÷¡£×îºóÊܺ¦Õß±»³öÏÖÒ»¸öÕæÇеĴ¹µöÒ³Ãæ £¬ÓÃÓÚÇÔÈ¡Microsoft 365ƾ֤¡£


https://www.securityweek.com/security-firm-executive-targeted-in-sophisticated-phishing-attack/


2. ¶íÂÞ˹±Ë¶ûÄ·ÊÐÍ£³µÖ§¸¶ÏµÍ³ÔâDDoS¹¥»÷̱»¾


3ÔÂ17ÈÕ £¬¶íÂÞ˹±Ë¶ûÄ·ÊÐ(Perm)Í£³µÖ§¸¶ÏµÍ³½üÈÕÔâ·ê´ó¹æÄ£É¢²¼Ê½»Ø¾ø·þÎñ(DDoS)¹¥»÷ºó¸´Ô­ÔËÓª¡£¸ÃÊе±¾ÖÖÜһȷÈÏ £¬ÏµÍ³ÏÖÒÑÆëÈ«¸´Ô­Õý³£ÔËÐÐ £¬ËùÓÐÖ§¸¶·½Ê½¾ù¿ÉÕý³£Ê¹Óᣱ¾µØ¹ÙÔ±°µÊ¾ £¬Õâ´ÎÖжÏÓÉ´ó¹æÄ£DDoS¹¥»÷ÒýÆð £¬¹¥»÷ѹ¿åÁ˸ÃÊÐ×Ô¶¯Í£³µÖ§¸¶»ù´¡ÉèÊ©¡£¹¥»÷µ¼ÖÂÈ«ÊÐÍ£³µÖ§¸¶ÔÝÍ£ £¬¼ÝʻԱÎÞ·¨Í¨¹ý¹Ù·½ÀûÓ÷¨Ê½ºÍÍøÕ¾Ö§¸¶Í£³µ×Ê¡£3ÔÂ10ÈÕÖÁ3ÔÂ13ÈÕϵͳ̱»¾ÆÚ¼ä £¬¹ÙÔ±°µÊ¾¼ÝʻԱ²»»áÒòδ֧¸¶Í£³µ×ʶøÃæ¶Ô´¦·£¡£±Ë¶ûÄ·Êеĸ¶·ÑÍ£³µÇøÍ¨³£ÔÚÖÜÄ©Ãâ·Ñ¡£ÕâÊǽüÄêÀ´¶íÂÞ˹³ÇÊÐÍ£³µÏµÍ³ÖÁÉÙµÚÈý´ÎÔâ·ê´ËÀ๥»÷¡£È¥Äê1Ô £¬¿ËÀ­Ë¹Åµ´ï¶û(Krasnodar)ÊмÝʻԱÒòµçÐÅÔËÓªÉÌÔâ·êDDoS¹¥»÷¶øÎÞ·¨Ö§¸¶Í£³µ×Ê £¬ÓйطþÎñÊܵ½×ÌÈÅ¡£2024Äê10Ô £¬ÌØÎ¬¶ûÊÐ(Tver)Í£³µÖ§¸¶Ò²Òò·ÛËéÐÔÍøÂç¹¥»÷±¾µØµ±¾ÖÍøÂç¶øÖжÏ¡£Ä¿Ç°Éв»Ã÷ÏԱ˶ûÄ·ÊÂÎñÊÇ·ñÓëÏÈǰ¹¥»÷ÓйØÁª £¬ÔÝÎÞºÚ¿Í×éÖ¯Ðû³Æ¶Ô´ËÕÆ¹Ü¡£


https://therecord.media/cyberattack-russia-parking-system


3. Ó¢¹ú¹«Ë¾×¢²á¾ÖWebFiling·þÎñÆØ¹Ø¼ü·ì϶


3ÔÂ17ÈÕ £¬Ó¢¹ú¹«Ë¾×¢²á¾Ö£¨CompaniesHouse£©½üÈÕÈ·ÈÏÆäWebFilingÍøÂçfiling·þÎñ´æÔڹؼü°²È«·ì϶ £¬¸Ã·ì϶¿ÉÄÜʹ¹¥»÷Õß½Ó¼û500Íò¼Ò×¢²á¹«Ë¾µÄ·Ç¹«¿ªÐÅÏ¢¡£·ì϶ÓÚ2025Äê10ÔÂÒýÈëϵͳ £¬2026Äê3ÔÂ12ÈÕÓÉGhostMail×êÑÐÈËÔ±JohnHewitt·¢ÏÖ²¢»ã±¨ £¬ËæºóÓÚµ±ÖÜÖÜĩʵÏÖ½¨¸´¡£¸Ã·ì϶ÔÊÐíÈκÎÒѵǼÓû§½Ó¼ûÆäËû¹«Ë¾ÔÚCompaniesHouseƽ̨ÉϵÄÕË»§¡£¹¥»÷ÕßÎÞÐèÌØÊâ¼¼Êõ¼¼Êõ £¬Ö»ÐèÑ¡Ôñ"ΪÁíÒ»¼Ò¹«Ë¾filing"Ñ¡Ïî £¬ÊäÈëÖ¸±ê¹«Ë¾µÄΨһ±àºÅ £¬ÔÚÌáÐÑÊäÈëÑéÖ¤Âëʱ°´¼¸´Î·µ»Ø¼ü £¬¼´¿É×Ô¶¯µÇ¼ָ±ê¹«Ë¾ÕË»§¡£³É¹¦ÀûÓø÷ì϶µÄ¹¥»÷Õß¿ÉÄÜ»ñÈ¡¶­Êµ®ÉúÈÕÆÚ¡¢¼ÒͥסַºÍµç×ÓÓÊÏäµÈÃô¸ÐÐÅÏ¢ £¬»¹¿ÉÅú¸Ä¹«Ë¾¾ßÌåÐÅÏ¢²¢Ìύδ¾­ÊÚȨµÄfilingÎļþ¡£CompaniesHouseÔÚÖÜÒ»°ä²¼µÄÉêÃ÷ÖÐÈ·ÈÏÁ˸ð²È«·ì϶ £¬°µÊ¾¸ÃÎÊÌâ½öÓ°ÏìÆäWebFiling·þÎñ¡£»ú¹¹Ç¿µ÷ £¬·ì϶ֻÄÜÓɾ­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÀûÓà £¬Í¨³£¹«¼ÒÎÞ·¨½Ó¼û¡£·ì϶δ¶³öÃÜÂë¼°Éí·ÝÑéÖ¤¹ý³ÌÖÐÍøÂçµÄÐÅÏ¢£¨È绤Õյȣ©¡£´Ë±í £¬¹¥»÷ÕßÎÞ·¨¶ÔÏÖÓÐfilingÎļþ½øÐÐÅú¸Ä¡£


https://www.securityweek.com/uk-companies-house-exposed-details-of-millions-of-firms/


4. RondoDox½©Ê¬ÍøÂçÉý¼¶¹¥»÷Õ½Êõ


3ÔÂ17ÈÕ £¬RondoDox½©Ê¬ÍøÂç½üÈÕÉý¼¶¹¥»÷»î¶¯ £¬Õë¶Ô174¸ö·ì϶ÌáÒéÖðÈոߴï15,000´ÎµÄÀûÓó¢ÊÔ £¬²ÉȡԽ·¢¼¯ÖкÍÕ½Êõ»¯µÄ¹¥»÷Õ½Êõ¡£ÍøÂ簲ȫ¹«Ë¾Bitsight°ä²¼µÄ»ã±¨ÏÔʾ £¬¸Ã½©Ê¬ÍøÂç×Ô2025Äê5ÔÂ25ÈÕÖÁ2026Äê2ÔÂ16ÈÕÆÚ¼ä³ÖÐøÀ©´ó¹¥»÷ÁìÓò¡£¸Ã½©Ê¬ÍøÂç×îÔçÓÉTrendMicroÓÚ2025Äê6ÔÂ15ÈÕ·¢ÏÖ £¬µ±Ê¹ØýÔÚÀûÓÃCVE-2023-1389·ì϶¹¥»÷TP-LinkArcherAX21·ÓÉÆ÷¡£¶ûºó £¬RondoDox³ÖÐøÀ©´ó¹¥»÷Ö¸±ê £¬º­¸ÇDVR¡¢NVR¡¢¹ØÂ·µçÊÓϵͳºÍWeb·þÎñÆ÷µÈ30¶àÖÖÉ豸ÀàÐÍ¡£2025Äê12Ô £¬CloudSEK×êÑÐÈËÔ±ÖÒ¸æ¸Ã½©Ê¬ÍøÂçÔÚÀûÓùؼüReact2Shell·ì϶£¨CVE-2025-55182£©ÔÚÒ×Êܹ¥»÷µÄNext.js·þÎñÆ÷ÉÏͶ·Å¶ñÒâÈí¼þºÍ¼ÓÃܿ󹤡£Bitsight×êÑÐÈËÔ±·ÖÎö·¢ÏÖ £¬¹¥»÷Õß³ÖÐøÂÖ»»ÀûÓõķì϶ £¬ÔÚ174¸ö·ì϶ÖÐÓ³Éä³ö148¸öCVE £¬ÆäÖÐ15¸öÓй«¿ª¸ÅÏëÑéÖ¤µ«ÎÞCVE±àºÅ £¬»¹ÓÐ11¸öδÕÒµ½¹«¿ª¸ÅÏëÑéÖ¤¡£¹¥»÷»î¶¯³öÏÖ²¨ÀËÊ½ÌØµã£º¿í·º²âÊԽ׶κó×·ËæÑ¡¶¨·ì϶µÄ³Ö¾ÃʹÓÃÆÚ¡£2025Äê10Ô·ì϶ÀûÓÃÊýÁ¿´ïµ½µ¥ÈÕ49¸öµÄ·åÖµ £¬Ëæºó²»±äÔÚ40¸ö×óÓÒ £¬2026ËêÊ×¼±¾ç½µÂäÖÁ½ö2¸ö·ì϶ £¬Åú×¢¹¥»÷Õ½ÊõתÏò¸üÉÙµ«¸üÓÐЧµÄ·ì϶ÀûÓá£


https://securityaffairs.com/189569/malware/rondodox-botnet-expands-arsenal-targeting-174-flaws-and-hits-15000-daily-exploit-attempts.html


5. LeakNetÀÕË÷Èí¼þѡȡÐÂÐÍBYOR¹¥»÷¼¼Êõ


3ÔÂ17ÈÕ £¬LeakNetÀÕË÷Èí¼þÍÅ»ï½üÈÕѡȡClickFixÉç»á¹¤³Ì¹¥»÷¼¼Êõ»ñÈ¡ÆóÒµ»·¾³³õʼ½Ó¼ûȨÏÞ £¬²¢²¿Êð»ùÓÚ¿ªÔ´DenoÔËÐÐʱµÄ¶ñÒâÈí¼þ¼ÓÔØÆ÷¡£¸ÃÍÅ»ï×Ô2024Äêµ×ÒÔÀ´»îÔ¾ £¬¾ùÔÈÿÔ¹¥»÷Ô¼3¸öÊܺ¦Õß £¬Ëæ×Åм¼ÊõµÄѡȡ £¬Æä¹¥»÷¹æÄ£¿ÉÄܽøÒ»²½À©´ó¡£°²È«¹«Ë¾ReliaQuest½«ÕâÖÖÕ½Êõ³ÆÎª"×Ô´øÔËÐÐʱ"£¨BYOR£©¹¥»÷¡£DenoÊǺϷ¨µÄJavaScript/TypeScriptÔËÐÐʱ £¬ÔÊÐíÔÚϵͳÉÏÖ´ÐÐä¯ÀÀÆ÷±íµÄJS/TS´úÂë¡£ÓÉÓÚDeno¾­¹ýÊý×ÖÊðÃûÇҺϷ¨ £¬¿ÉÈÆ¹ýδ֪¶þ½øÔìÖ´ÐеÄ×èÖ¹ÁбíºÍ¹ýÂËÆ÷¡£¹¥»÷Õßͨ¹ý×°ÖúϷ¨µÄDeno¿ÉÖ´ÐÐÎļþÀ´ÔËÐжñÒâ´úÂë £¬¶ø·Ç²¿Êð¸üÈÝÒ×±»ÏóÕ÷µÄ×Ô½ç˵¶ñÒâÈí¼þ¼ÓÔØÆ÷¡£Ö´Ðкó £¬´úÂë»áÖ¸ÎÆ¼ø±ðÖ÷»ú¡¢ÌìÉúΨһÊܺ¦ÕßID £¬²¢ÏνӺÅÁî½ÚÔì·þÎñÆ÷»ñÈ¡µÚ¶þ½×¶ÎÔØºÉ¡£Í¬Ê±ÔËÐÐÓÆ¾ÃÂÖѯѭ»·ÒÔ½Ó¹ÜÀ´×ÔºÅÁî½ÚÔì·þÎñÆ÷µÄкÅÁî¡£ÔÚºóÀûÓý׶Î £¬LeakNetʹÓÃDLL²à¼ÓÔØ¡¢ºÅÁî½ÚÔìÐűꡢͨ¹ýklistö¾Ù½øÐÐÍ´´¦·¢ÏÖ¡¢Í¨¹ýPsExec½øÐкáÏòÒÆ¶¯ £¬ÒÔ¼°Í¨¹ýÀÄÓÃAmazonS3´æ´¢Í°½øÐÐÔØºÉstagedºÍÊý¾Ý±íй¡£


https://www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/


6. GlassWorm¹©¸øÁ´¹¥»÷¾íÍÁ³ÁÀ´²¨¼°433¸ö×é¼þ


3ÔÂ17ÈÕ £¬GlassWorm¹©¸øÁ´¹¥»÷»î¶¯½üÈÕ¾íÍÁ³ÁÀ´ £¬Õë¶ÔGitHub¡¢npmºÍVSCode/OpenVSXƽ̨ÉϵÄÊý°Ù¸öÈí¼þ°ü¡¢²Ö¿âºÍÀ©´óÌáÒéЭµ÷¹¥»÷¡£Aikido¡¢Socket¡¢StepSecurityºÍOpenSourceMalwareÉçÇøµÄ×êÑÐÈËÔ±±¾Ô¹²¼ø±ð³ö433¸ö±»¹¥ÏµÄ×é¼þ¡£×îÐÂÒ»ÂÖGlassWorm¹¥»÷¹æÄ£¸üÎªÖØ´ó £¬²¨¼°200¸öGitHubPython²Ö¿â¡¢151¸öGitHubJS/TS²Ö¿â¡¢72¸öVSCode/OpenVSXÀ©´óºÍ10¸önpmÈí¼þ°ü¡£¹¥»÷ÕßÊ×Ïȹ¥ÏÂGitHubÕË»§Ç¿ÔìÍÆËͶñÒâÌá½» £¬¶øºóÔÚnpmºÍVSCode/OpenVSXÉϰ䲼°ü·Ñ½âÏý´úÂëµÄ¶ñÒâÈí¼þ°üºÍÀ©´óÒÔÌӱܼì²â¡£ÔÚËùÓÐÆ½Ì¨ÉÏ £¬¶ñÒâ´úÂëÿ5Ãë²éÎÊÒ»´ÎSolanaÇø¿éÁ´»ñÈ¡ÐÂÖ¸Áî¡£2025Äê11ÔÂ27ÈÕÖÁ2026Äê3ÔÂ13ÈÕÆÚ¼ä £¬¹²·¢ÏÖ50±ÊÐÂÂòÂô £¬ÖØÒªÓÃÓÚ¸üÐÂÔØºÉURL¡£Ö¸ÁîǶÈëÂòÂô±¸Íü¼ÖÐ £¬Êèµ¼ÏÂÔØNode.jsÔËÐÐʱ²¢Ö´ÐлùÓÚJavaScriptµÄÐÅÏ¢ÇÔÈ¡·¨Ê½¡£¸Ã¶ñÒâÈí¼þÕë¶Ô¼ÓÃÜÇ®±ÒÇ®°üÊý¾Ý¡¢Í´´¦ºÍ½Ó¼ûÁîÅÆ¡¢SSHÃÜÔ¿ÒÔ¼°¿ª·¢Õß»·¾³Êý¾Ý¡£´úÂë×¢½â·ÖÎöÅú×¢GlassWormÓɶíÓïÍþвÐÐΪÕ߲߶¯ £¬¶ñÒâÈí¼þÔÚ¼ì²âµ½ÏµÍ³Îª¶íÓï»·¾³Ê±»áÌø¹ýÖ´ÐС£


https://www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/