SonatypeÔÚPyPI´æ´¢¿âÖз¢ÏÖ¶à¸ö¿ÉÇÔÈ¡AWSÍ´´¦µÄ°ü

°ä²¼¹¦·ò 2022-06-27

1¡¢SonatypeÔÚPyPI´æ´¢¿âÖз¢ÏÖ¶à¸ö¿ÉÇÔÈ¡AWSÍ´´¦µÄ°ü


¾ÝýÌå6ÔÂ25ÈÕ±¨Â· £¬PyPI´æ´¢¿âÖдæÔÚ¶à¸ö¶ñÒâPython°ü £¬¿ÉÓÃÀ´ÇÔÈ¡AWSƾ֤µÈÐÅÏ¢¡£Æ¾¾ÝSonatypeµÄ˵·¨ £¬¶ñÒⷨʽ°ü±ðÀëÊÇloglib-modules¡¢pyg-modules¡¢pygrata¡¢pygrata-utilsºÍhkg-sol-utils¡£ÆäÖÐ £¬loglib-modulesºÍpygrata-utils°ü¿ÉÇÔÈ¡AWSƾ֤¡¢ÍøÂç½Ó¿ÚÐÅÏ¢ºÍ»·¾³±äÁ¿ £¬²¢½«ËüÃǵ¼³öµ½Ô¶³Ì¶Ëµãhxxp://graph.pygrata[.] com:8000//upload¡£ÏñpygrataÕâÑùµÄ°ü×ÔÉí²»Ô̺¬¶ñÒâ´úÂë £¬µ«±ØÒªÊ¹ÓÃÉÏÊöÁ½¸öÄ £¿éÖ®Ò»×÷ΪÒÀÀµÏĿǰ £¬ÕâЩ¶ñÒâ°üÒѱ»É¾³ý¡£


https://securityaffairs.co/wordpress/132598/hacking/pypi-malicious-packages-2.html


2¡¢ÈÕ±¾TB KawashimaµÄ×Ó¹«Ë¾Ôâµ½LockBitµÄÀÕË÷¹¥»÷


¾Ý6ÔÂ25ÈÕ±¨Â· £¬ÈÕ±¾Æû³µÁ㲿¼þÔì×÷ÉÌ·áÌï·ÄÖ¯ÆìϵÄTB Kawashima°ä·¢ £¬Æä×Ó¹«Ë¾Ôâµ½ÁËÍøÂç¹¥»÷¡£¹¥»÷²úÉúÔÚÉÏÖÜËÄ £¬TB KawashimaµÄÌ©¹úÏúÊÛ¹«Ë¾±»¹¥»÷ £¬¸Ã¹«Ë¾¹Ø¹ØÁ˹¥»÷Õß½Ó¼ûµÄÉ豸¡£¹«Ë¾³ÆÆä³ö²úºÍÏúÊۻûÓÐÊܵ½Ó°Ïì £¬ËùÓÐÒµÎñ¶¼ÔÚÕý³£ÔËÐÐ £¬µ«ÆäÍøÕ¾ÒѹعØ¡£¹ÌȻĿǰûÓйØÓÚÕâ´Î¹¥»÷µÄ¹Ù·½ÐÅÏ¢ £¬µ«LockBitÍÅ»ïÔÚ6ÔÂ17ÈÕ°ä·¢ £¬ËûÃǶÔTB KawashimaµÄ¹¥»÷ÊÂÎñÕÆ¹Ü¡£6ÔÂ25ÈÕ £¬¹¥»÷ÕßÒѾ­Æðͷй¶±»µÁµÄÊý¾Ý¡£


https://www.bleepingcomputer.com/news/security/automotive-fabric-supplier-tb-kawashima-announces-cyberattack/


3¡¢¹È¸èÒò´«²¼²»³É¿¿ÐÅÏ¢±»¶íÂÞ˹¼à¹Ü»ú¹¹· £¿î120ÍòÃÀÔª


ýÌå6ÔÂ24ÈÕ³Æ £¬¶íÂÞ˹µçÐżà¹Ü»ú¹¹Roskomnadzor¶Ô¹È¸è´¦ÒÔ6800Íò¬²¼£¨Ô¼ºÏ120ÍòÃÀÔª£©µÄ· £¿î¡£Õâ´Î· £¿îµÄÔ­ÒòÊǹȸèÔ®ÊÖ´«²¼ÓйØÕ½ÕùµÄ²»³É¿¿ÐÅÏ¢ £¬²¢ÇÒûÓн«ÕâЩÐÅÏ¢´ÓËüµÄƽ̨ÉÑþ³Øý¡£¸Ã»ú¹¹°µÊ¾ £¬¹È¸èµÄYouTubeÔÚÏßÊÓÆµ¹²ÏíÆ½Ì¨¡°ÓÐÒâÖú³¤¡±´«²¼²»ÕýÈ·µÄÐÅÏ¢ £¬´Ó¶øÀë¼ä¶íÂÞ˹¡£ÓÉÓÚÒ»ÔÙδÄÜÏ޶ȶԶíÂÞ˹²»ÈÝÐÅÏ¢µÄ½Ó¼û £¬¹È¸è´Ë¿Ì»¹Ãæ¶Ô¸ß´ïÆäÔÚ¶íÂÞ˹Äê½»Ò×¶îµÄ10%µÄ· £¿î¡£


https://www.bleepingcomputer.com/news/google/russia-fines-google-for-spreading-unreliable-info-defaming-its-army/


4¡¢CrowdStrikeÅû¶ÀÄÓÃMitel VOIP·ì϶µÄ¹¥»÷µÄÏêÇé


CrowdStrikeÔÚ6ÔÂ23ÈÕÅû¶ÁËÀÄÓÃMitel VOIPÖÐзì϶µÄÀÕË÷¹¥»÷»î¶¯¡£Õâ´Î±»ÀûÓõÄÊÇÒ»¸öÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2022-29499 £¬CVSSÆÀ·ÖΪ9.8£© £¬ÓÉÓÚÕï¶Ï¾ç±¾µÄÊý¾ÝÑéÖ¤²»¼°µ¼ÖµÄ £¬¿É±»Î´¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßÓÃÀ´Í¨¹ýÌØÔìÒªÇó×¢ÈëºÅÁî¡£·ì϶µÄÀûÓÃÉæ¼°Á½¸öGETÒªÇó £¬Ò»¸ö·¢Ë͵½É豸ÉÏ £¬Ö¸±êÊÇÒ»¸öPHPÎļþµÄ"get_url"²ÎÊý £»µÚ¶þ¸öÔÚÉ豸ÉÏÌìÉú £¬µ¼ÖºÅÁî×¢Èë £¬Ïò¹¥»÷ÕߵĻù´¡ÉèʩִÐÐHTTP GETÒªÇó¡£×êÑÐÈËÔ±°µÊ¾ £¬ÍøÉÏÓг¬¹ý21000̨¿É¹«¿ª½Ó¼ûµÄMitelÉ豸 £¬ÆäÖдó²¿ÃÅλÓÚÃÀ¹ú £¬Æä´ÎÊÇÓ¢¹ú¡£


https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/


5¡¢×êÑÐÍŶӷ¢ÏÖBronze StarlightÍÅ»ï½üÆÚµÄ¹¥»÷»î¶¯


6ÔÂ23ÈÕ £¬SecureworksµÄ×êÑÐÍŶӹ«¿ªÁËAPT×éÖ¯Bronze Starlight(APT10)½üÆÚµÄ¹¥»÷»î¶¯¡£ÖÁÉÙ´Ó2015ÄêÆðÍ· £¬¹¥»÷Õß¾ÍʹÓÃHUI LoaderÔÚÖ¸±êÖ÷»úÉϼÓÔØÔ¶³Ì½Ó¼ûľÂí¡£¶øÕâ´Î»î¶¯ÖÐ £¬¹¥»÷ÕßÔÚÈëÇÖºó»á×°ÖÃÀÕË÷Èí¼þ £¬ÈçLockFile¡¢Atom Silo¡¢Rook¡¢Night Sky¡¢PandoraºÍLockBit 2.0µÈ¡£·ÖÎöÅú×¢ £¬BRONZE STARLIGHTµÄÖØÒª¶¯»ú¿ÉÄÜÊÇÇÔȡ֪ʶ²úȨ»ò½øÐмäµý»î¶¯ £¬¶ø·Ç¾­¼ÃÀûÒæ £¬ÀÕË÷Èí¼þ¿ÉÄÜÊÇΪÁË·ÖÉ¢Ö¸±êÈ·°ÑÎÈÁ¦¡£±»¹¥»÷µÄÖ¸±êÔ̺¬Î÷ºÍÃÀ¹úµÄÔìÒ©¹«Ë¾¡¢ÃÀ¹úýÌå»ú¹¹¡¢Á¢ÌÕÍðºÍÈÕ±¾µÄµç×ÓÔª¼þÉè¼ÆºÍÔì×÷É̵È¡£


https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader


6¡¢Kaspersky°ä²¼¹ØÓÚ8¸öÖØÒªÀÕË÷ÍÅ»ïµÄTTPµÄ·ÖÎö»ã±¨


KasperskyÔÚ6ÔÂ23ÈÕ°ä²¼Á˹ØÓÚ8¸öÖØÒªÀÕË÷ÍÅ»ïµÄTTPµÄ·ÖÎö»ã±¨¡£»ã±¨ÖÐÔ̺¬µÄÀÕË÷ÍÅ»ï±ðÀëΪConti/Ryuk¡¢Pysa¡¢Clop(TA505)¡¢Hive¡¢Lockbit2.0¡¢RagnarLocker¡¢BlackByteºÍBlackCat¡£¹¥»÷Õßͨ³£ÊÔͼÕÒµ½ÃýÎóÅäÖúʹæÔÚ·ì϶µÄÃæÏò¹«¼ÒµÄÀûÓ÷¨Ê½ £¬ÒÔ±ã»ñµÃ³õʼ½Ó¼ûȨ £¬³£¼ûµÄÖ¸±êÔ̺¬Î¢ÈíExchange·þÎñÆ÷¡¢Sharepoint·þÎñÆ÷¡¢VPNºÍÆäËüÍøÂç·þÎñ £»×î³£±»ÀûÓõķì϶ÊÇProxyShell ·ì϶CVE-2021-34473¡¢CVE-2021-34523ºÍCVE-2021-31207¡£


https://securelist.com/modern-ransomware-groups-ttps/106824/