ÒõÓô·ç±©ºÚ¿Í×éÖ¯Ðû³Æ¶ÔÈ«ÇòDDoS¹¥»÷ÕÆ¹Ü

°ä²¼¹¦·ò 2025-03-11

1. ÒõÓô·ç±©ºÚ¿Í×éÖ¯Ðû³Æ¶ÔÈ«ÇòDDoS¹¥»÷ÕÆ¹Ü


3ÔÂ10ÈÕ £¬ÒõÓô·ç±©£¨Dark Storm£©ºÚ¿Í×éÖ¯Ðû³Æ¶ÔÖÜÒ»Òý·¢È«Çò¶àÆð·þÎñÖжϵÄDDoS¹¥»÷ÕÆ¹Ü £¬Õâ´Î¹¥»÷ÆÈʹÊܺ¦¹«Ë¾ÆôÓÃCloudflareµÄDDoS± £»¤·þÎñ ¡£Ö»¹ÜX¹«Ë¾ËùÓÐÕß°£Â¡¡¤Âí˹¿Ëδֱ½ÓÖ¸Ã÷DDoS¹¥»÷ΪÖжÏÔ­Òò £¬µ«ËûÈ·ÈÏÕâÊÇÓÉ¡°´ó¹æÄ£ÍøÂç¹¥»÷¡±ËùÖ £¬²¢°µÊ¾¹¥»÷Õß¿ÉÄÜÊÇÒ»¸ö´óÐÍÓÐ×éÖ¯¼¯Ìå»òij¸ö¹ú¶È ¡£ÒõÓô·ç±©ÊÇÒ»¸öÇ×°ÍÀÕ˹̹µÄºÚ¿Í×éÖ¯ £¬³ÉÁ¢ÓÚ2023Äê £¬ÔøÕë¶ÔÒÔÉ«ÁÓעŷÖÞºÍÃÀ¹úµÄ¶à¼Ò×éÖ¯ÌáÒé¹¥»÷ ¡£¸Ã×éÖ¯ÔÚTelegramƵ·ÉÏ·¢ÌûÐû³ÆÔÚ¶ÔTwitter½øÐÐDDoS¹¥»÷ £¬²¢·ÖÏíÁËcheck-host.netÍøÕ¾µÄ½ØÍ¼×÷Ϊ֤¾Ý ¡£X¹«Ë¾Ä¿Ç°ÊÜCloudflare DDoS± £»¤·þÎñ±£ÏÕ £¬¿ÉÒÉIPµØÖ·½Ó¼ûʱ»áÏÔʾÑéÖ¤Âë ¡£ºÚ¿Í»î¶¯·Ö×Ó²»ÐÝÖ¤Ã÷ÆäÀûÓý©Ê¬ÍøÂçµÈ×ÊÔ´·ÛËé´óÐͼ¼Êõƽ̨µÄÄÜÁ¦ ¡£½üÆÚ £¬ÃÀ¹ú¸æ×´ÁËÁ½ÃûÉæÏӲμÓÄäÃûËÕµ¤ºÚ¿Í×éÖ¯»î¶¯µÄËÕµ¤ÐÖµÜ £¬¸Ã×éÖ¯Ôø³É¹¦¹Ø¹ØÔ̺¬Cloudflare¡¢Î¢ÈíºÍOpenAIÔÚÄÚµÄһЩ×î´ó¿Æ¼¼¹«Ë¾µÄÍøÕ¾ºÍAPI £¬¶ÔÈ«Çò¶à¶à¹«Ë¾µÄ·þÎñÔì³ÉÇÖÈÅ ¡£


https://www.bleepingcomputer.com/news/security/x-hit-by-massive-cyberattack-amid-dark-storms-ddos-claims/


2. ÏòÈÕ¿ûÒ½ÁƼ¯ÍÅÔâÀÕË÷¹¥»÷ £¬½ü22Íò»¼ÕßÃô¸ÐÐÅϢй¶


3ÔÂ11ÈÕ £¬¿°ÈøË¹ÖݵÄÏòÈÕ¿ûÒ½ÁƼ¯ÍÅÔâ·êÁËÒ»´ÎÍøÂç¹¥»÷ £¬µ¼Ö½ü221,000Ãû»¼ÕßµÄÃô¸ÐÐÅÏ¢¿ÉÄÜй¶ ¡£ÏòÈÕ¿ûÒ½ÁƼ¯Íž­Óª×ÅËĸö´¹Î£»¤ÀíµØÖ·ºÍ¶à¸öÉèÊ© £¬º­¸ÇµÍ¼¶»¤Àí¡¢²ú¿ÆºÍ³¢ÊÔÊÒ²âÊÔ ¡£¸Ã¹¥»÷²úÉúÔÚ12ÔÂ15ÈÕ £¬ºÚ¿ÍÈëÇÖÁËÏòÈÕ¿ûÒ½ÁƼ¯ÍŵÄϵͳ²¢¸´ÔìÁËÎļþ ¡£ÊÜÓ°ÏìµÄÐÅÏ¢Ô̺¬ÐÕÃû¡¢µØÖ·¡¢µ®ÉúÈÕÆÚ¡¢Éç»á°²È«ºÅÂë¡¢¼ÝÊ»ÅÆÕÕºÅÂë¡¢Ò½ÁÆÐÅÏ¢ºÍ½¡È«±£ÏÕÐÅÏ¢ ¡£¹«Ë¾×î³õÔÚ1ÔÂ7ÈÕ·¢ÏÖ·ì϶ £¬²¢ÀñÆ¸ÍøÂ簲ȫ¹«Ë¾½øÐе÷²é £¬·¢ÏÖºÚ¿Í×Ô12ÔÂÖÐÑ®ÒÔÀ´Ò»ÏòÔÚÈëÇÖϵͳ ¡£ÏòÈÕ¿ûÒ½ÁƼ¯ÍÅÒÑÏòÃåÒòÖÝ¡¢·ðÃÉÌØÖݺͼÓÀû¸£ÄáÑÇÖݵļà¹Ü»ú¹¹»ã±¨´ËÊ £¬²¢ÔÚÆäÍøÕ¾Éϰ䲼֪ͨ ¡£¹«Ë¾ÏòËùÓÐÕ¼ÓÐÓÐЧµØÖ·µÄÊܺ¦Õß·¢ËÍÁ˺¯¼þ £¬²¢ÌṩһÄêµÄÐÅÓþ¼à¿Ø·þÎñ ¡£¹ÌÈ»¹«Ë¾Î´Ð¹Â©ÊÇ·ñÔÚÓ¦¶ÔÀÕË÷Èí¼þ¹¥»÷ £¬µ«RhysidaÀÕË÷Èí¼þÍÅ»ïÒÑÈϿɶÔÕâ´Î¹¥»÷ÕÆ¹Ü £¬²¢Íþв³ÆÈôÊDz»Ö§¸¶Ô¼80ÍòÃÀÔªµÄÊê½ð £¬½«Ð¹Â¶±»µÁÊý¾Ý ¡£


https://therecord.media/kansas-healthcare-provider-data-breach


3. ÄÏÃÀAPT×éÖ¯¡°Ã¤Ó¥¡±ÀûÓøßϰȾÂÊ·ì϶¹¥»÷¸çÂ×±ÈÑÇ»ú¹¹


3ÔÂ11ÈÕ £¬Check PointµÄ×êÑнÒʾ £¬Ò»¸öÃûΪ¡°Ã¤Ó¥¡±£¨Blind Eagle£©µÄAPT×éÖ¯ÔÚÄÏÃÀµØÓò»îÔ¾ £¬³ö¸ñÊÇÕë¶Ô¸çÂ×±ÈÑǵĻú¹¹ºÍµÐÔÖʵÌå½øÐÐÍøÂç¹¥»÷ ¡£¸Ã×éÖ¯×Ô2018ÄêÒÔÀ´Ò»Ïò»îÔ¾ £¬ÖØÒªÀûÓø´ÔÓµÄÉç»á¹¤³ÌÕ½Êõ £¬ÈçÍøÂç´¹µöÓʼþЯ´ø¶ñÒ⸽¼þ»òÁ´½Ó £¬À´»ñÈ¡¶ÔÖ¸±êϵͳµÄ³õʼ½Ó¼ûȨÏÞ ¡£×î½ü £¬Ã¤Ó¥±»·¢ÏÖʹÓÃÁËÒ»ÖÖ¸ßϰȾÂʵķì϶¡ª¡ªCVE-2024-43451µÄ±äÌå £¬¸Ã·ì϶ÓÉ΢ÈíÔÚ11Ô½¨¸´ £¬µ«Ã¤Ó¥ÔÚ²¹¶¡°ä²¼ÁùÌìºó¾ÍÀûÓÃÁ˸÷ì϶µÄÒ»¸ö±äÌå½øÐй¥»÷ £¬¸Ã±äÌå²»Ö±½Ó¶³öÓû§µÄWindows NTLMv2¹þÏ£ £¬µ«ÈÔÄÜ֪ͨÍþвÐÐΪÕßÎļþÒѱ»ÏÂÔØ ¡£ÔÚÕâ´Î¹¥»÷ÖÐ £¬Êܺ¦Õß»áÊÕµ½Ô̺¬¶ñÒâ.urlÎļþµÄ´¹µöÓʼþ £¬¸ÃÎļþ»á´¥·¢¹¥»÷Á´ £¬ÏÂÔØ²¢Ö´Ðжà¸ö¶ñÒâ¿ÉÖ´ÐÐÎļþ £¬Èç.NET RATºÍRemcos RAT £¬ºóÕßÓëºÅÁîºÍ½ÚÔì·þÎñÆ÷ÒÔ¼°½©Ê¬ÍøÂçһ·ִÐÐ ¡£Check PointÖ¸³ö £¬Ã¤Ó¥¿ÉÄÜÀûÓúϷ¨µÄÎļþ¹²ÏíÆ½Ì¨ÈÆ¹ý´«Í³°²È«´ëÊ©²¢°ÂÃØ´«²¼¶ñÒâÈí¼þ £¬ÊÇÆä³É¹¦µÄÒ»¸ö¹Ø¼ü³É·Ö ¡£Check Point½¨Òé×é֯ͨ¹ý×Ô¶¯Íþвµý±¨¡¢¸ß¼¶°²È«·ÀÓùºÍ³ÖÐø¼à¿ØÀ´»º½â´ËÀàÍþв ¡£


https://www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government


4. PHP¸ßΣ·ì϶CVE-2024-4577ÔâÈ«Çò´ó¹æÄ£ÀûÓÃ


3ÔÂ10ÈÕ £¬GreyNoise×êÑÐÈËÔ±ÖÒ¸æ £¬PHPÖеÄÑϳÁ·ì϶CVE-2024-4577£¨CVSSÆÀ·Ö9.8£©ÕýÔâ·ê´ó¹æÄ£ÀûÓà ¡£¸Ã·ì϶ÊÇPHP-CGI OSºÅÁî×¢Èë·ì϶ £¬´æÔÚÓÚWindows²Ù×÷ϵͳ±àÂëת»»µÄBest-FitÖ°ÄÜÖÐ £¬¹¥»÷Õß¿ÉÀûÓÃÌØ¶¨×Ö·ûÐòÁÐÈÆ¹ýÏÈǰ± £»¤ £¬ÊµÏÖÔ¶³Ì´úÂëÖ´ÐÐ £¬½ÚÔì´æÔÚ·ì϶µÄ·þÎñÆ÷ ¡£×Ô·ì϶Åû¶ÒÔÀ´ £¬¶à¸ö²Î¼ÓÕßÊÔIJÀûÓÃËü £¬Ô̺¬´«²¼Gh0st RAT¡¢RedTail¼ÓÃܿ󹤺ÍXMRigµÈ¶ñÒâÈí¼þ¼Ò×å ¡£Akamai¡¢GreyNoiseµÈ°²È«ÍŶӾù»ã±¨ÁËÀûÓø÷ì϶µÄ¶ñÒâ³¢ÊÔ £¬²¢¹Û²ìµ½DDoS½©Ê¬ÍøÂçMuhstik±³ºóµÄÍþвÐÐΪÕßÒ²ÀûÓÃÁË´Ë·ì϶ ¡£Ë¼¿ÆTalos×êÑÐÈËÔ±»¹·¢ÏÖ £¬ÔçÔÚ2025Äê1Ô¾ÍÓÐδ֪ÍþвÐÐΪÕßÀûÓø÷ì϶Õë¶ÔÈÕ±¾×éÖ¯ ¡£GreyNoiseÈ·ÈÏ £¬CVE-2024-4577Òѱ»´ó¹æÄ£ÀûÓà £¬¹¥»÷ÁìÓòÒѳ¬³ö×î³õ»ã±¨ £¬Éæ¼°ÃÀ¹ú¡¢Ó¢¹ú¡¢ÐÂ¼ÓÆÂ¡¢Ó¡¶ÈÄáÎ÷ÑÇ¡¢Ì¨Íå¡¢Ïã¸Û¡¢Ó¡¶ÈºÍÎ÷°àÑÀµÈ¶à¸öµØÓò ¡£¸Ã¹«Ë¾¶½´ÙʹÓÃPHP-CGIµÄWindowsϵͳ×éÖ¯¾¡¿ì¸üÐÂ×°Öà £¬²¢×ñÑ­Áìµ¼½øÐÐ×·ÒäËÑË÷ÒÔ¼ø±ðÀàËÆµÄÀûÓÃģʽ £¬¼ø±ð²¢×èÖ¹Õë¶ÔCVE-2024-4577µÄ¶ñÒâIP ¡£


https://securityaffairs.com/175198/hacking/experts-warn-of-mass-exploitation-of-critical-php-flaw-cve-2024-4577.html


5. RansomHouseÈëÇÖÖ¥¼Ó¸çÂåÀ×ÍÐÒ½Ôº £¬ÇÔÈ¡1.5TBÃô¸ÐÊý¾Ý


3ÔÂ10ÈÕ £¬RansomHouseÍÅ»ï°ä·¢ÈëÇÖÁËÖ¥¼Ó¸çÂåÀ×ÍÐÒ½Ôº £¬ÕâÊÇÒ»¼Ò³ÉÁ¢ÓÚ1939ÄêµÄ·ÇͶ»úÐÔÉçÇøÒ½ÁƱ£½¡ÌṩÉÌ £¬ÌṩÔ̺¬µÍ¼¶±£½¡¡¢ÀÏÄêҽѧ¡¢ÊÓÁ¦±£½¡µÈ¶àÖÖ·þÎñ ¡£¸ÃÍÅ»ïÐû³ÆÒÑÇÔÈ¡1.5TBµÄÃô¸ÐÊý¾Ý £¬µ«ÉÐδ°ä²¼ÈκÎÖ¤¾Ý ¡£RansomHouseÊÇÒ»¸ö×Ô2021Äê12ÔÂÒÔÀ´Ò»Ïò»îÔ¾µÄÊý¾ÝÀÕË÷×éÖ¯ £¬ËûÃDz»¼ÓÃÜÊý¾Ý £¬¶øÊÇרһÓÚÊý¾Ý͵ÇÔ £¬Í¨¹ýй¶Êý¾ÝÐßÈè²»¸¶¿îµÄÊܺ¦Õß £¬ÆäÖÐÔ̺¬AMDºÍKeraltyµÈ¹«Ë¾ ¡£ÃÀ¹úÒ½ÔºÒòÖÎÀí´óÁ¿Ãô¸ÐÊý¾Ý¶ø³ÉΪÍþвÐÐΪÕßµÄÓÅÏÈÖ¸±ê ¡£2024Äê £¬Õë¶ÔÃÀ¹úÒ½ÁƱ£½¡ÌṩÉ̵ÄÀÕË÷Èí¼þ¹¥»÷¼¤Ôö £¬ÆäÖÐ98´Î¹¥»÷й¶ÁË1.17Òڱʼͼ ¡£ÂåÀ×ÍÐÒ½ÔºÔÚ2023ÄêÒ²Ôø²úÉú¹ýһ·Êý¾Ý°²È«ÊÂÎñ £¬Ò»ÃûǰԱ¹¤µÁÓÃÁËÉÙÊý»¼ÕߵݲȫÉãÏñͷ¼Ïñ²¢°ä²¼ÔÚFacebookÉÏ £¬Ëæºó¼Ïñ±»É¾³ý £¬ÊÜÓ°ÏìµÄ»¼ÕßÒ²ÊÕµ½ÁË֪ͨ ¡£ÕâЩÊÂÎñÔÙ´ÎÌáÐÑÈËÃÇÊý¾Ý°²È«µÄ³ÁÒªÐÔ ¡£


https://securityaffairs.com/175187/cyber-crime/ransomhouse-gang-claims-the-hack-of-the-loretto-hospital-in-chicago.html


6. Öж«±±·ÇÔâ·êAsyncRAT¶ñÒâÈí¼þй¥»÷


3ÔÂ10ÈÕ £¬×Ô2024Äê9ÔÂÆð £¬Öж«ºÍ±±·ÇµØÓò³ÉΪ´«²¼AsyncRAT¶ñÒâÈí¼þÅú¸Ä°æ±¾µÄÐÂÖ¸±ê ¡£¾ÝPositive Technologies×êÑÐÈËÔ±·ÖÎö £¬Õâ´Î»î¶¯Óë¸ÃµØÓòµØÔµÕþÖÎÆøÏóçÇÃÜÓйØ £¬¹¥»÷Õßͨ¹ýFacebookµÈÉ罻ýÌåÆ½Ì¨´´½¨ÁÙʹØÊ»§ºÍÐÂÎÅÆµÂ· £¬°ä²¼º¬ÓжñÒâÈí¼þÁ´½ÓµÄ¸æ°× £¬ÓÕµ¼Óû§ÏÂÔØ²¢Ï°È¾É豸 ¡£¸Ã¶ñÒâÈí¼þ±»ÍйÜÔںϷ¨µÄÔÚÏßÎļþ¹²ÏíÕÊ»§»òTelegramƵ·ÖÐ £¬×Ô2024ÄêÇï¼¾ÒÔÀ´ÒÑÔì³ÉÔ¼900ÃûÊܺ¦Õß £¬ÖØÒªÉ¢²¼ÔÚÀû±ÈÑÇ¡¢É³Ìذ¢À­²®¡¢°£¼°µÈ¹ú¶È ¡£ÃûΪDesert DexterµÄÍþвÐÐΪÕßÓÚ2025Äê2Ô±»¸æ·¢ £¬ÆäʹÓõĶñÒâÈí¼þÔ̺¬ÀëÏß¼üÅ̼ͼÆ÷¡¢¼ÓÃÜÇ®±ÒÇ®°üËÑË÷Ö°ÄÜ £¬²¢ÄÜÓëTelegram»úеÈËͨѶ ¡£Ö»¹ÜÄ»ºóºÚÊÖÉí·ÝÉв»Ë¬ÀÊ £¬µ«JavaScriptÎļþÖеİ¢À­²®Óï×¢½â°µÊ¾ÁË¿ÉÄܵįðÔ´ ¡£¶ÔTelegram»úеÈËÐÂÎŵĽøÒ»²½·ÖÎö½ÒʾÁ˹¥»÷Õß×ÀÃæµÄÆÁÄ»½ØÍ¼ºÍʹÓõŤ¾ß £¬ÒÔ¼°Ò»¸ö¿ÉÄÜÖ¸ÏòÀû±ÈÑǵÄTelegramƵ·Á´½Ó ¡£×êÑÐÈËÔ±Ö¸³ö £¬Ö»¹ÜDesert DexterʹÓõŤ¾ß²¢²»¸´ÔÓ £¬µ«Facebook¸æ°×ÓëºÏ·¨·þÎñµÄ½áºÏÒÔ¼°¶ÔµØÔµÕþÖδóÊÆµÄÀûÓà £¬µ¼ÖÂÁË´óÁ¿É豸Êܵ½Ï°È¾ £¬¶ÔÍøÂ簲ȫ×é³ÉÑϳÁÍþв ¡£


https://thehackernews.com/2025/03/desert-dexter-targets-900-victims-using.html