Generative Data Intelligence

Microsoft Fixes Exploit Used by Russian Threat Actors

Tyler Cross

Published on: April 25, 2024

Tech giant Microsoft has just patched a vulnerability in its Windows software that was being exploited by Russian hackers. The threat actors go by several group names, including APT 28, Forest Blizzard, and Fancy Bear.

The group is typically known for launching a wide variety of cybercrime attacks to steal sensitive information and commit fraud against companies around the world. Many researchers have concluded that the group carries out attacks that benefit the Russian state, leading many to conclude that it is a genuine state-sponsored criminal group.

They used the Windows Print Spooler service to grant themselves administrative privileges and steal exposed data on Microsoft networks. The operation involved the use of GooseEgg, a newly identified malware tool that APT 28 built for the purpose.

In the past, the group has created other hacking tools, such as X-Tunnel, XAgent, Foozer, and DownRange. The group uses these tools to launch attacks and also sells them to other criminals. This is known as the malware-as-a-service model.

The vulnerability, designated CVE-2022-38028, went undetected for many years, giving these criminals ample opportunity to harvest sensitive data from Windows.

APT 28 "uses GooseEgg as part of post-compromise activities against targets including Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations," Microsoft explains.

The hackers "pursue objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks."

Several cybersecurity experts have spoken out following the discovery of CVE-2022-38028, voicing their concerns about the sector.

"Security teams have done a remarkable job identifying and patching CVEs, but increasingly it is these environmental vulnerabilities - in this case within the Windows Print Spooler service, which manages printing processes - that create security gaps giving malicious actors access to data," writes Greg Fitzgerald, founder of Sevco Security.

Microsoft has patched the security exploit, but the potential damage caused by this years-long breach is unknown, and the hacker group remains large.
