
Microsoft report: in March, hackers actively exploited a WinRAR vulnerability

Microsoft published details of attacks on Windows computers at media companies that took place in March.

In the attacks, the criminals used a well-known WinRAR vulnerability that gained popularity among criminal groups in recent months. Hackers armed themselves with it immediately after Check Point published it on February 20. At that time, the researchers demonstrated how this vulnerability could be used to execute arbitrary code with the help of a specially crafted archive file (a compressed file format).

A new, patched WinRAR version was released a month before the Check Point publication, but even in March Microsoft still observed attacks exploiting CVE-2018-20250.

In the March campaign, the hackers sent phishing emails allegedly from the Afghanistan Home Office. The social engineering methods they applied were carefully planned to achieve full remote compromise of the system despite the limitations of the WinRAR vulnerability.

The phishing emails contained a Microsoft Word file with a link to another document on OneDrive. This first document contained no malicious macro, so as to avoid detection. However, the OneDrive document did contain a malicious macro, and once it was activated the victim's system received the hackers' new software.

[Figure: Downloaded document with malicious macro]

The document also contained a "Next page" button that displayed a fake notification about a missing DLL file and the need to restart the computer. This trick was necessary because the vulnerability allows malicious programs to drop files into a certain folder but not to run them immediately. Given this, the ideal solution was to place the program in the "Startup" folder: files in this folder are executed as soon as the computer restarts.

After the restart, a PowerShell backdoor started on the infected system, giving the hackers full access to it. The use of this backdoor and other features indicated that the MuddyWater cyber-gang is responsible for the attacks.
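The chain described above (an archiver writing a file into a Startup folder, then that file being launched after the reboot the lure asks for) is something a defender can look for in endpoint telemetry. The following is an added example written for this page, not code from the original article or from Microsoft; the log-line format, the Startup-folder path patterns and the list of archiver process names are all assumptions constructed for the example.

```python
import re
from datetime import datetime

# Windows Startup folder locations, per-user and all-users. These path patterns
# are assumptions about the usual locations; paths are normalised to forward
# slashes and lower case before matching.
STARTUP_PATTERNS = [
    re.compile(r"/appdata/roaming/microsoft/windows/start menu/programs/startup/"),
    re.compile(r"/programdata/microsoft/windows/start menu/programs/startup/"),
]

# Archive extractors whose writes into a Startup folder are treated as suspicious.
# The set is illustrative (an assumption), not a list taken from the article.
ARCHIVER_PROCESSES = {"winrar.exe", "unrar.exe", "7z.exe", "7zg.exe"}


def normalise(path):
    """Lower-case a Windows path and use forward slashes so patterns stay simple."""
    return path.replace("\\", "/").lower()


def basename(path):
    return normalise(path).rsplit("/", 1)[-1]


def is_startup_path(path):
    """True if the path lies inside one of the known Startup folders."""
    p = normalise(path)
    return any(pat.search(p) for pat in STARTUP_PATTERNS)


def parse_event(line):
    """Parse one constructed log line into a dict, or None if malformed.
    The format (timestamp|EventType|Key=Value|Key=Value) is invented for this
    example and is not a real sensor export format."""
    parts = line.strip().split("|")
    if len(parts) < 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:])
    return {"time": datetime.fromisoformat(parts[0]), "type": parts[1], **fields}


def find_startup_drops(lines):
    """Stage 1: file-create events where an archiver writes into a Startup folder."""
    drops = []
    for line in lines:
        ev = parse_event(line)
        if (ev and ev["type"] == "FileCreate"
                and basename(ev["Image"]) in ARCHIVER_PROCESSES
                and is_startup_path(ev["TargetFilename"])):
            drops.append(ev)
    return drops


def find_executed_drops(lines):
    """Stage 2: dropped Startup files that later appear in a ProcessCreate
    command line, i.e. what happens once the victim reboots as instructed."""
    drops = find_startup_drops(lines)
    executed = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["type"] != "ProcessCreate":
            continue
        cmd = normalise(ev.get("CommandLine", ""))
        for d in drops:
            if normalise(d["TargetFilename"]) in cmd and ev["time"] > d["time"]:
                executed.append((d["TargetFilename"], ev["Image"], ev["time"]))
    return executed


# Constructed sample telemetry: an archiver dropping a script into the user's
# Startup folder, an unrelated extraction, and a post-reboot PowerShell launch.
SAMPLE_LOG = [
    "2019-03-04T10:15:02|FileCreate|Image=C:\\Program Files\\WinRAR\\WinRAR.exe"
    "|TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.ps1",
    "2019-03-04T10:15:03|FileCreate|Image=C:\\Program Files\\WinRAR\\WinRAR.exe"
    "|TargetFilename=C:\\Users\\alice\\Downloads\\report.docx",
    "2019-03-04T10:40:11|ProcessCreate|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -ExecutionPolicy Bypass -File \"C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.ps1\"",
]

if __name__ == "__main__":
    for target, image, when in find_executed_drops(SAMPLE_LOG):
        print(f"{when.isoformat()} {image} executed dropped Startup file {target}")
```

Stage 1 alone is already a useful alert (an archiver has no normal reason to write into a Startup folder); stage 2 correlates it with a later process launch so that the alert carries the evidence a responder needs. Adapting it to real telemetry means replacing `parse_event` with a parser for the sensor in use.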

"This PowerShell script is similar to a script that has been used in past MuddyWater campaigns," Microsoft experts confirmed.

Source: https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability
