{"id":52008,"date":"2017-09-06T09:00:30","date_gmt":"2017-09-06T01:00:30","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=52008"},"modified":"2017-08-29T16:17:55","modified_gmt":"2017-08-29T08:17:55","slug":"%e3%80%8a%e9%ad%9a%e5%8f%89%e5%bc%8f%e7%b6%b2%e8%b7%af%e9%87%a3%e9%ad%9a%e3%80%8b-%e4%b8%80%e5%b0%81%e5%81%87%e7%9a%84-pdf%e5%b7%a5%e4%bd%9c%e9%82%80%e8%ab%8b%e5%87%bd-%e7%b6%b2%e8%b7%af%e9%96%93","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=52008","title":{"rendered":"\u300a\u9b5a\u53c9\u5f0f\u7db2\u8def\u91e3\u9b5a\u300b \u4e00\u5c01\u5047\u7684 PDF\u5de5\u4f5c\u9080\u8acb\u51fd, \u7db2\u8def\u9593\u8adc\u96c6\u5718\u9396\u5b9a G20 \u9ad8\u5cf0\u6703\u5404\u570b\u4ee3\u8868"},"content":{"rendered":"<h3>G20 \u6578\u4f4d\u7d93\u6fdf\u5de5\u4f5c\u5c0f\u7d44\u9ad8\u5cf0\u6703\u5373\u5c07\u4f86\u81e8\uff0c\u7db2\u8def\u9593\u8adc\u96c6\u5718 Turla \u63d0\u65e9\u90e8\u7f72\u5f8c\u9580\u7a0b\u5f0f<\/h3>\n<p>\u4e3b\u8981\u91dd\u5c0d\u653f\u5e9c\uff0c\u9ad8\u7d1a\u5b98\u54e1\u548c\u5916\u4ea4\u5b98\u7684 Turla \u7db2\u8def\u9593\u8adc\u96c6\u5718,\u9019\u6b21\u9396\u5b9aG20 \u6578\u4f4d\u7d93\u6fdf\u5de5\u4f5c\u5c0f\u7d44,\u6839\u64da\u00a0<a href=\"https:\/\/www.ibtimes.co.uk\/russian-hackers-caught-using-hijacked-pdf-files-infiltrate-g20-task-force-1635691\">\u5a92\u9ad4\u5831\u5c0e<\/a>\uff0c\u8a72\u7db2\u8def\u9593\u8adc\u96c6\u5718\u76ee\u524d\u6b63\u7dca\u76ef\u8457\u5373\u5c07\u5728\u5fb7\u570b\u6f22\u5821\u8209\u884c\u7684 G20 \u6578\u4f4d\u7d93\u6fdf\u5de5\u4f5c\u5c0f\u7d44\u9ad8\u5cf0\u6703\uff0c\u4e26\u63d0\u65e9\u90e8\u7f72\u4e00\u500b\u53eb\u4f5c KopiLuwak \u7684\u5f8c\u9580\u7a0b\u5f0f (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/TROJ_KOPILUWAK.A\">TROJ_KOPILUWAK.A<\/a>\u3001\u00a0<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/JS_KOPILUWAK.A\">JS_KOPILUWAK.A<\/a> \u548c \u00a0<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/JS_KOPILUWAK.B\">JS_KOPILUWAK.B<\/a>)\uff0c\u5c08\u9580\u9396\u5b9a\u6240\u6709\u53d7\u9080\u4eba\u54e1\u3001\u4f86\u8cd3\u53ca\u5404\u570b\u4ee3\u8868\u3002\u6b64\u5f8c\u9580\u7a0b\u5f0f\u9664\u4e86\u6703\u7aca\u53d6\u8cc7\u6599\u4e4b\u5916\uff0c\u9084\u6703\u4e0b\u8f09\u66f4\u591a\u60e1\u610f\u7a0b\u5f0f\u5230\u53d7\u611f\u67d3\u7684\u96fb\u8166\u4e0a\u57f7\u884c\uff0c\u6216\u8005\u57f7\u884c\u5176\u4ed6\u6307\u4ee4\u3002\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u5df2\u7d93\u901a\u77e5\u5fb7\u570b\u96fb\u8166\u7dca\u6025\u61c9\u8b8a\u806f\u5408\u4e2d\u5fc3 CERT-Bund\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/blogicons\/spam.jpg\" \/><\/p>\n<p><strong>[\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/spear-phishing-101-what-is-spear-phishing\"><strong>\u4f55\u8b02\u9b5a\u53c9\u5f0f\u7db2\u8def\u91e3\u9b5a\uff0c\u60a8\u8a72\u5982\u4f55\u9632\u7bc4\uff1f<\/strong><\/a><strong>]<\/strong><\/p>\n<p><strong>\u5047\u7684 G20 \u5de5\u4f5c\u5c0f\u7d44\u9ad8\u5cf0\u6703 PDF\u9080\u8acb\u51fd,\u5f15\u8a98\u53d7\u5bb3\u8005\u958b\u555f<\/strong><\/p>\n<p>\u6839\u64da\u89c0\u5bdf\uff0cTurla \u7684\u6700\u65b0\u884c\u52d5\u5f88\u53ef\u80fd\u6703\u5229\u7528<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/web-attack\/137\/watering-hole-101\">\u6c34\u5751\u5f0f\u653b\u64ca<\/a>\u548c<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=15888\">\u9b5a\u53c9\u5f0f\u91e3\u9b5a\u653b\u64ca\uff08SPEAR PHISHING\uff09<\/a>\u90f5\u4ef6\u4e26\u5229\u7528\u4e00\u500b\u5047\u7684 G20 \u5de5\u4f5c\u5c0f\u7d44\u9ad8\u5cf0\u6703\u9080\u8acb\u51fd\u4f86\u5f15\u8a98\u53d7\u5bb3\u8005\u958b\u555f\u3002\u9019\u9805\u6703\u8b70\u5373\u5c07\u5728 10 \u6708\u8209\u884c\uff0c\u8cc7\u5b89\u5c08\u5bb6\u767c\u73fe\uff0c\u524d\u8ff0\u9b5a\u53c9\u5f0f\u7db2\u8def\u91e3\u9b5a\u90f5\u4ef6\u6240\u633e\u5e36\u7684 PDF \u6587\u4ef6 (\u6a94\u540d\u300c<em>Save the Date G20 Digital Economy Taskforce 23 24 October.pdf<\/em>\u300d) \u4f3c\u4e4e\u662f\u500b\u6b63\u5e38\u6a94\u6848\uff0c\u4f46\u537b\u53ea\u662f\u500b\u5206\u6563\u6ce8\u610f\u529b\u7684\u8a98\u990c\u3002\u6b64\u5916\u5b83\u6703\u5728\u7cfb\u7d71\u690d\u5165\u4e00\u500b\u60e1\u610f JavaScript \u6a94\u6848\uff0c\u89e3\u5bc6\u4e4b\u5f8c\u6703\u5728\u53d7\u611f\u67d3\u96fb\u8166\u8a18\u61b6\u9ad4\u5167\u57f7\u884c KopiLuwak\u3002<\/p>\n<p><strong>[\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/operation-cloud-hopper-what-you-need-to-know\"><strong>APT10\/menuPass \u7684\u7db2\u8def\u9593\u8adc\u884c\u52d5 Operation Cloud Hopper \u653b\u64ca\u8a17\u7ba1\u5f0f\u670d\u52d9\u4f9b\u61c9\u5546<\/strong><\/a><strong>]<\/strong><\/p>\n<h3>Turla \u7db2\u8def\u9593\u8adc\u96c6\u5718\u66fe\u5c07\u653b\u64ca\u6307\u4ee4\u96b1\u85cf\u5728\u5c0f\u751c\u751cIG\u7167\u7247\u7559\u8a00\u4e2d<\/h3>\n<p><!--more--><\/p>\n<p>Turla \u662f\u4e00\u500b\u4fc4\u7f85\u65af\u7684\u7db2\u8def\u9593\u8adc\u96c6\u5718\uff0c\u4ee5\u7368\u7279\u3001\u96b1\u5bc6\u7684\u653b\u64ca\u624b\u6cd5\u805e\u540d\u3002\u66fe\u7d93\u5728\u516d\u6708\u5728\u5c0f\u751c\u751c\u5e03\u862d\u59ae (Britney Spears) \u7684\u4e00\u5247 Instagram \u8cbc\u6587\u56de\u61c9\u4e2d\u7559\u4e0b\u60e1\u610f\u8edf\u9ad4\u8207\u5e55\u5f8c\u64cd\u7e31 (C&amp;C) \u4f3a\u670d\u5668\u806f\u7e6b\u7684\u653b\u64ca\u6307\u4ee4, \u800c<a href=\"https:\/\/www.scmagazineuk.com\/russian-hackers-used-britney-spears-instagram-posts-to-control-malware\/article\/667180\/\">\u767b\u4e0a\u65b0\u805e\u5a92\u9ad4<\/a>,\u4ed6\u5011\u6240\u6563\u767c\u7684\u60e1\u610f\u7a0b\u5f0f\u6703\u507d\u88dd\u6210 Firefox \u700f\u89bd\u5668\u7684\u5ef6\u4f38\u529f\u80fd\/\u5916\u639b\u7a0b\u5f0f\uff0c\u4e26\u7d93\u7531\u4e00\u500b\u5df2\u906d\u5165\u4fb5\u7684\u745e\u58eb\u7db2\u7ad9\u6563\u5e03\u3002<a href=\"https:\/\/www.scmagazineuk.com\/turla-in-the-sky-with-satellites-cyber-espionage-group-hides-cc-server-locale\/article\/535023\/\">2015 \u5e74 9 \u6708<\/a>\uff0c\u4ed6\u5011\u66fe\u6210\u529f\u5229\u7528\u5b89\u5168\u6027\u4e0d\u4f73\u7684\u885b\u661f\u7db2\u969b\u7db2\u8def\u670d\u52d9\u4f86\u96b1\u85cf\u5176 C&amp;C \u4f3a\u670d\u5668\u3002\u00a0<a href=\"https:\/\/www.pcworld.com\/article\/2857472\/the-turla-espionage-operation-also-infected-linux-systems-with-malware.html\">2014 \u5e74 12 \u6708<\/a>\uff0c\u8a72\u96c6\u5718\u66fe\u7d93\u4f7f\u7528\u4e00\u500b\u5c08\u9580\u91dd\u5c0d Linux \u4f5c\u696d\u7cfb\u7d71\u7684\u958b\u653e\u539f\u59cb\u78bc\u5f8c\u9580\u7a0b\u5f0f\u3002<\/p>\n<p><strong>[TrendLabs \u8cc7\u8a0a\u5b89\u5168\u60c5\u5831\u90e8\u843d\u683c\uff1a<\/strong><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched\/\"><strong>Pawn Storm \u8d81\u96f6\u6642\u5dee\u6f0f\u6d1e\u4fee\u88dc\u4e4b\u524d\u52a0\u5f37\u9b5a\u53c9\u5f0f\u7db2\u8def\u91e3\u9b5a\u653b\u64ca\u706b\u529b<\/strong><\/a><strong>]<\/strong><\/p>\n<p>Turla \u7684\u6700\u65b0\u653b\u64ca\u884c\u52d5\u6709\u9ede\u985e\u4f3c\u5176\u4ed6\u7db2\u8def\u9593\u8adc\u96c6\u5718\u5982 <a href=\"https:\/\/blog.trendmicro.com.tw\/?s=%20Pawn%20Storm\">Pawn Storm<\/a> \u548c <a href=\"https:\/\/blog.trendmicro.com.tw\/?p=51879\">ChessMaster<\/a> \u6240\u63a1\u7528\u7684\u624b\u6cd5\u3002\u4e5f\u5c31\u662f\u5229\u7528\u4e00\u4e9b\u7576\u524d\u7684\u6642\u4e8b\u548c\u6b63\u5e38\u7684\u6587\u4ef6\u4f86\u7576\u4f5c\u5206\u6563\u6ce8\u610f\u529b\u7684\u8a98\u990c\uff0c\u7136\u5f8c\u5728\u80cc\u5f8c\u5b89\u88dd\u5f8c\u9580\u7a0b\u5f0f\u5230\u96fb\u8166\u4e0a\u3002\u5982\u6b64\u4e00\u4f86\uff0c\u4ed6\u5011\u5c31\u80fd\u5728\u76ee\u6a19\u5167\u90e8\u7db2\u8def\u6a6b\u5411\u79fb\u52d5\uff0c\u4f3a\u6a5f\u7aca\u53d6\u6a5f\u5bc6\u8cc7\u6599\u548c\u71df\u904b\u95dc\u9375\u8cc7\u8a0a\u3002<\/p>\n<p>\u9019\u6ce2\u7db2\u8def\u9593\u8adc\u653b\u64ca\u7a81\u986f\u51fa\u4f01\u696d\u4e3b\u52d5\u9632\u7bc4\u99ed\u5ba2\u5165\u4fb5\u7684\u5fc5\u8981\u3002IT \u7cfb\u7d71\u7ba1\u7406\u54e1\u548c\u8cc7\u5b89\u4eba\u54e1\u61c9\u78ba\u5be6\u63a1\u53d6\u4e00\u5957\u00a0<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/understanding-targeted-attacks-defensive-measures\">\u6700\u4f73\u5be6\u52d9\u539f\u5247\u4f86\u9632\u7bc4\u91dd\u5c0d\u6027\u653b\u64ca<\/a>\u3002\u96a8\u6642\u4fdd\u6301\u4f5c\u696d\u7cfb\u7d71\u8207\u61c9\u7528\u7a0b\u5f0f\u66f4\u65b0\u662f\u7406\u6240\u7576\u7136\u7684\uff0c\u5982\u6b64\u53ef\u9632\u6b62\u99ed\u5ba2\u5229\u7528\u8edf\u9ad4\u6f0f\u6d1e\u9032\u5165\u7cfb\u7d71\u3002\u6b64\u5916\uff0c\u4e5f\u53ef\u8003\u616e\u63a1\u7528<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/virtual-patching-in-mixed-environments-how-it-protects-you\/\">\u865b\u64ec\u4fee\u88dc<\/a>\u6280\u8853\u4f86\u9632\u5835\u4e00\u4e9b\u5ee0\u5546\u5c1a\u672a\u91cb\u51fa\u66f4\u65b0\u6216\u4e0d\u518d\u4fee\u88dc\u7684\u6f0f\u6d1e\u3002\u53ef\u80fd\u7684\u8a71\uff0c\u76e1\u91cf\u63a1\u53d6\u6700\u4f4e\u6388\u6b0a\u7684\u539f\u5247\uff0c\u80fd\u4e0d\u958b\u653e\u7684\u6b0a\u9650\u5c31\u4e0d\u8981\u958b\u653e\u3002<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/infosec-guide-email-threats\">\u59a5\u5584\u4fdd\u8b77\u60a8\u7684\u96fb\u5b50\u90f5\u4ef6\u9598\u9053<\/a>\uff0c\u66f4\u91cd\u8981\u7684\u662f\u8981\u5efa\u7f6e\u4e00\u5957\u5305\u542b\u591a\u5c64\u5b89\u5168\u6a5f\u5236\u7684\u7e31\u6df1\u9632\u79a6\uff0c\u4f86\u78ba\u4fdd\u4f01\u696d\u95dc\u9375\u8cc7\u7522\u7684\u5b89\u5168\u6027\u3001\u4e00\u81f4\u6027\u8207\u53ef\u7528\u6027\u3002<\/p>\n<p><strong>\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/strong><\/p>\n<p><a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/security-risk-management\/deep-discovery\/\">Deep Discovery<\/a> \u80fd\u5373\u6642\u5075\u6e2c\u3001\u6df1\u5165\u5206\u6790\u3001\u4e26\u4e3b\u52d5\u56de\u61c9\u4eca\u65e5\u96b1\u533f\u7684\u60e1\u610f\u7a0b\u5f0f\u8207\u91dd\u5c0d\u6027\u653b\u64ca\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u5957\u5c08\u70ba\u4f01\u696d\u91cf\u8eab\u8a02\u505a\u7684\u5b8c\u6574\u9632\u79a6\u4f86\u5c0d\u6297\u91dd\u5c0d\u6027\u653b\u64ca\u548c\u9032\u968e\u5a01\u8105\uff0c\u5229\u7528\u7279\u6b8a\u7684\u5f15\u64ce\u3001\u5ba2\u88fd\u5316\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u4ee5\u53ca\u5bc6\u5207\u7684\u4ea4\u53c9\u95dc\u806f\u5206\u6790\uff0c\u5b8c\u6574\u6db5\u84cb\u653b\u64ca\u7684\u6240\u6709\u968e\u6bb5\uff0c\u751a\u81f3\u4e0d\u9808\u66f4\u65b0\u5f15\u64ce\u6216\u75c5\u6bd2\u78bc\u5c31\u80fd\u5075\u6e2c Turla \u7db2\u8def\u9593\u8adc\u96c6\u5718\u653b\u64ca\u884c\u52d5\u7576\u4e2d\u7684\u5404\u9805\u5a01\u8105\u3002<\/p>\n<p>\u8da8\u52e2\u79d1\u6280 \u00a0<a href=\"https:\/\/www.trendmicro.tw\/tw\/business\/cloud-data\/index.html\">Hybrid Cloud Security<\/a> \u89e3\u6c7a\u65b9\u6848\u662f\u4ee5\u8da8\u52e2\u79d1\u6280 <a href=\"https:\/\/t.rend.tw\/?i=NTAyMA\">XGen<\/a>\u2122 \u9632\u8b77\u70ba\u5f8c\u76fe\uff0c\u4e26\u5305\u542b\u8da8\u52e2\u79d1\u6280 <a href=\"https:\/\/t.rend.tw\/?i=Mzc4MQ\">\u8da8\u52e2\u79d1\u6280Deep Security<\/a>\u2122 \u89e3\u6c7a\u65b9\u6848\uff0c\u63d0\u4f9b\u4e86\u8de8\u4e16\u4ee3\u878d\u5408\u7684\u5a01\u8105\u9632\u79a6\u6280\u5de7\uff0c\u5c08\u70ba\u4fdd\u8b77\u5be6\u9ad4\u3001\u865b\u64ec\u53ca\u96f2\u7aef\u5de5\u4f5c\u8ca0\u8f09\u548c\u4f3a\u670d\u5668\u800c\u6700\u4f73\u5316\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cyber-attacks\/cyberespionage-group-turla-deploys-backdoor-ahead-of-g20-summit\"> Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>G20 \u6578\u4f4d\u7d93\u6fdf\u5de5\u4f5c\u5c0f\u7d44\u9ad8\u5cf0\u6703\u5373\u5c07\u4f86\u81e8\uff0c\u7db2\u8def\u9593\u8adc\u96c6\u5718 Turla \u63d0\u65e9\u90e8\u7f72\u5f8c\u9580\u7a0b\u5f0f \u4e3b\u8981\u91dd\u5c0d\u653f\u5e9c\uff0c\u9ad8\u7d1a\u5b98\u54e1\u548c\u5916 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[65,2411],"tags":[3481,3482,3340],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52008"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52008"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/52008\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}