I-'ShroudedSnooper' Backdoors Use Ultra-Stealth In Mideast Telecom Attacks

Umlingisi ongase abe sengozini yenoveli usanda kuphazamisa ababili Izinhlangano zezokuxhumana ezizinze eMpumalanga Ephakathi, kusetshenziswa izicabha ezimbili ezingemuva ezinezindlela ebezingabonwa ngaphambilini zokulayisha isinyenyela ikhodi yegobolondo enonya kusistimu eqondiwe.

Embikweni owabiwe ne-Dark Reading, u-Cisco Talos uqambe isethi yokungena ngokuthi “ShroudedSnooper,” njengoba ayikwazanga ukuhlobanisa umsebenzi nanoma yimaphi amaqembu akhonjwe ngaphambilini.

I-ShroudedSnooper isebenzisa izicabha ezimbili ezingemuva - “HTTPSnoop” kanye “NePipeSnoop” - enezindlela ezibanzi zokunqanda ukubona, okuhlanganisa ukuzenza njengemikhiqizo yesofthiwe edumile kanye nokuthelela izingxenye ezisezingeni eliphansi zamaseva e-Windows. Uma sezitshaliwe, zisebenzisa i-shellcode ukuze zinikeze abahlaseli be-inthanethi indawo eqhubekayo kumanethiwekhi ezisulu, benamandla hambisa eceleni, ukhiphe idatha, noma udedele uhlelo olungayilungele ikhompuyutha olwengeziwe.

"Kufanele ngisho: lezi zinobuqili kakhulu," kusho uVitor Ventura, umcwaningi oholayo wezokuphepha noCisco Talos. “Bayocasha obala. Futhi kunzima ngendlela emangalisayo ukuhlukanisa ukuziphatha kwabo okubi nokuhle. Ihlakaniphe kakhulu.”

Usongo Olusha Olungemuva: I-HTTPSnoop

Akukacaci ukuthi ukungena kwe-ShroudedSnooper kufinyelelwa kanjani, nakuba abacwaningi beqagela ukuthi abahlaseli bangase basebenzise amaseva asengozini, abhekene ne-inthanethi ngaphambi kokusebenzisa i-HTTPSnoop - epakishwe njengomtapo wezincwadi we-dynamic-link noma ifayela elisebenzisekayo - ukuze baqinise ukufinyelela kokuqala.

Esikhundleni sokuthatha umzila ojwayelekile we iwisa igobolondo leWebhu kuseva ye-Windows eqondisiwe, i-HTTPSnoop ithatha indlela ecashile, ejikelezayo, isebenzisa izinga eliphansi. Windows APIs ukuxhumana ngqo neseva ye-HTTP kusistimu eqondiwe.

Njenge-parasite, isebenzisa ukufinyelela kwezinga le-kernel ukuze izibophe kumaphethini athile e-HTTP(S) URL, bese ilalela izicelo ezingenayo. Uma isicelo se-HTTP esingenayo sihlangabezana nephethini ethile, sikhipha amakhodi idatha esicelweni.

“Eqinisweni abakwenzayo wukuthi basebenzisa kabi isici esithile. Asebenza kanjalo amaseva eWebhu ye-Windows,” kusho u-Ventura, ngaphambi kokungeza ukuthi “angikaze ngilubone lolu hlobo lokuhlukumeza lwenziwa ukwakha izimila ngaphambili.”

Ukwengeza kulokho okuyimfihlo, amaphethini e-URL okukhulunywa ngawo avame ukuhambisana nemikhiqizo yesofthiwe edumile, evamile. Isibonelo, i-Ventura ithi, “ngisho noma umhlaziyi ebheka ama-URL, kuzobukeka sengathi I-imeyili yewebhu ye-Outlook evamile. Kuzofanele banake, ngaphandle uma bazi kahle ukuthi bafunani.”

Leyo datha ekhishwe ezicelweni ze-HTTP, ngokwemvelo, izoba yi-shellcode enonya, bese ibulawa kudivayisi ethelelekile.

Ubunzima bokumisa i-ShroudedSnooper

NgoMeyi, abahlaseli beShroudedSnoop bathuthukise i-HTTPSnoop, “PipeSnoop.” Njengomfowabo, ihlose ukunika amandla i-shellcode engaqondakali ukuthi isebenze endaweni ehlosiwe, kodwa ngokufunda nokubhalela ipayipi elikhona ngaphambili - ingxenye yememori eyabiwe esetshenziselwa ukuxhumana kwezinqubo (IPC).

Ukuqhubeka nokubalekela amehlo okubuka, kufanele kuqashelwe, womabili ama-Snoops afika apakishwe kumafayela asebenzisekayo alingisa. Isicelo sePalo Alto Networks 'Cortex XDR.

Ukuthi i-HTTPSnoop esivele igcwele isinyenyela iyathuthukiswa futhi isebenza kuphela ukukhombisa ukuthi kungaba nzima kangakanani ngezingcingo ukuhlonza nokukhipha lezi zindlu ezingemuva.

“Yebo izisulu zingayithungatha. Bangakwazi ukuhlola ukuthi yimaphi ama-URL abhalisiwe ngaphakathi kweseva yeWebhu, bese bezama ukubona ukuthi yiziphi izinkokhelo ezibizwayo, nokuthi yimaphi ama-DLL ahlotshaniswa nalawo ma-callback. Kepha futhi, lowo ngumsebenzi wezobunhloli, okungelula kangako ukuwenza ezinhlelweni zokukhiqiza bukhoma,” kuchaza uVentura.

“Ngakho-ke ngingasho ukuthi ukuvimbela kuyisici esibalulekile ngempela kulokhu,” kuphetha yena. Kunokuba zizame ukunqoba ama-backdoors ngokwawo, “ngoba kunezinga elithile lelungelo elidingekayo ukwenza lokhu, izinkampani zingasebenzisa amathuluzi ezinawo ukuze zithole izinyathelo zangaphambilini ngaphambi kokuthi uhlelo olungayilungele ikhompyutha lufakwe, ngoba ludinga phezulu. amalungelo.”

I-SEO Powered Content & PR Distribution. Khuliswa Namuhla.
I-PlatoData.Network Vertical Generative Ai. Zinike Amandla. Finyelela Lapha.
I-PlatoAiStream. I-Web3 Intelligence. Ulwazi Lukhulisiwe. Finyelela Lapha.
I-PlatoESG. Ikhabhoni, I-CleanTech, Amandla, Environment, Ilanga, Ukuphathwa Kwemfucuza. Finyelela Lapha.
I-PlatoHealth. I-Biotech kanye ne-Clinical Trials Intelligence. Finyelela Lapha.
Source: https://www.darkreading.com/dr-global/shroudedsnooper-backdoors-ultra-stealth-mideast-telecom-attacks

I-Generative Data Intelligence

'I-ShroudedSnooper' Ingemuva isebenzisa i-Ultra-Stealth ekuhlaselweni kwe-Mideast Telecom

Usongo Olusha Olungemuva: I-HTTPSnoop

Ubunzima bokumisa i-ShroudedSnooper

Turmoil in Crypto: Binance Founder Sentenced, Advocates Question ChatGPT’s Data Integrity, and the Bitcoin Price Battle at $60K

I-Blockchain Shakeup: Umsunguli We-Binance Ugwetshwe Njengabameli Base-Austrian Inselelo YengxoxoGPT's Ukuthembeka

Latest Intelligence

I-Crypto Turbulence: Umsunguli ka-Binance Ugwetshiwe, Abameli Base-Austrian Umbuzo Wokunemba kwengxoxoIngxoxo yeGPT, kanye neMpi kaBitcoin nge-$60K

Umsunguli we-Binance u-Changpeng Zhao Ugwetshwe Ejele Phakathi Kwesihlava Sokukhwabanisa: Imithelela Embonini Ye-Crypto

Umsunguli we-Binance Uthunyelwe Ejele Phakathi Kwesihlava Sokukhwabanisa: Isicelo Sokuvuka Se-Crypto Vigilance

I-Crypto Turbulence: Umsunguli We-Binance Ugwetshwe Njengabameli Base-Austrian Inselele YengxoxoUkunemba Kwedatha Ye-GPT

U-Binance Shock: Umsunguli u-Changpeng Zhao Ugwetshwe njenge-Crypto Community Reels

Ukusuka Kumbono Kuya Ekugwetshweni: Umsunguli weBinance u-Changpeng Zhao Ugwetshwe Phakathi Kwezinxushunxushu Nokubhekisiswa Kwe-Crypto

Xoxa nathi