
The SolarWinds attack: we have never seen anything like it

Time: 2022-04-15 18:27:01 | Source: Industry News


It's been covered in the press, but in case you don't know the details, SolarWinds is a company that provides software to monitor many aspects of on-premises infrastructure, including network performance, log files, configuration data, storage, servers and the like. Like all software companies, SolarWinds sends out regular updates and patches. Hackers were able to infiltrate the update and trojanize the software, meaning that when customers installed the updates, the malware just went along for the ride.


![](https://d2axcg2cspgbkk.cloudfront.net/wp-content/uploads/Breaking-Analysis_-CISOs-Say-SolarWinds-Hack-COVID-are-Forcing-us-to-Reinvent-Cyber-Security-1.jpg)



The reason this is so insidious is that hackers often target installations that haven't installed patches or updates and exploit the vulnerabilities that remain in the infrastructure as a result. In this case, the very code designed to protect organizations actually facilitated a breach. According to experts, this was quite a sophisticated attack with multiple variants, which most believe was perpetrated by the Russian hacker group Cozy Bear, classified by the U.S. government as an advanced persistent threat, or APT.


It is suspected that somehow they phished their way into a GitHub repo and stole username and password access to allow them to penetrate the supply chain of software that is delivered over the Internet. But public information on this attack is still spotty. What is known is that the attackers had been lurking since March of last year and had nine months to exfiltrate troves of data from the U.S. government and numerous other companies, including Microsoft Corp. and Cisco Systems Inc.


### What CISOs say about the attack


Copyright © 亿企邦 1997-2022. All rights reserved.
