{"id":68108,"date":"2021-05-15T09:00:00","date_gmt":"2021-05-15T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=68108"},"modified":"2021-05-14T19:54:06","modified_gmt":"2021-05-14T11:54:06","slug":"darkside-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e8%88%87%e7%be%8e%e5%9c%8b%e8%bc%b8%e6%b2%b9%e7%ae%a1%e6%94%bb%e6%93%8a%e4%ba%8b%e4%bb%b6","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=68108","title":{"rendered":"Darkside \u52d2\u7d22\u75c5\u6bd2\u8207\u7f8e\u570b\u8f38\u6cb9\u7ba1\u653b\u64ca\u4e8b\u4ef6"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><\/h1>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>5 \u6708 7 \u65e5\uff0c\u4e00\u8d77<a href=\"http:\/\/blog.trendmicro.com.tw\/?p=12412\">\u52d2\u7d22\u75c5\u6bd2 Ransomware<\/a> (\u52d2\u7d22\u8edf\u9ad4\/\u7d81\u67b6\u75c5\u6bd2)\u653b\u64ca\u9020\u6210\u8ca0\u8cac\u7f8e\u570b\u6771\u5cb8\u8fd1\u534a\u6578\u6cb9\u7ba1\u904b\u8f38\u7684 &nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.reuters.com\/business\/energy\/us-govt-top-fuel-supplier-work-secure-pipelines-closure-enters-4th-day-2021-05-10\/\" target=\"_blank\">Colonial Pipeline<\/a> \u516c\u53f8\u4e3b\u52d5\u95dc\u9589\u71df\u696d\uff0c\u4f7f\u5f97\u6c7d\u6cb9\u3001\u67f4\u6cb9\u3001\u5bb6\u7528\u6696\u6c23\u7528\u6cb9\u3001\u5674\u5c04\u6a5f\u7528\u6cb9\u3001\u8ecd\u7528\u6cb9\u54c1\u5168\u90e8\u53d7\u5230\u56b4\u91cd\u885d\u64ca\u3002\u7f8e\u570b\u806f\u90a6\u6a5f\u52d5\u904b\u8f38\u5b89\u5168\u7ba1\u7406\u5c40 (Federal Motor Carrier Safety Administration\uff0c\u7c21\u7a31 FMCSA) &nbsp;\u5728\u5168\u7f8e 18 \u5dde<a rel=\"noreferrer noopener\" href=\"https:\/\/www.fmcsa.dot.gov\/emergency\/esc-ssc-wsc-regional-emergency-declaration-2021-002-05-09-2021\" target=\"_blank\">\u767c\u5e03\u7dca\u6025\u72c0\u614b<\/a>\u4f86\u7de9\u89e3\u6cb9\u54c1\u4f9b\u61c9\u4e2d\u65b7\u7684\u554f\u984c\u3002\u81ea\u99ed\u5ba2\u653b\u64ca\u9020\u6210 Colonial \u71df\u904b\u95dc\u9589\u4ee5\u4f86\u5df2\u7d93\u904e\u4e86\u4e94\u5929\uff0c\u8a72\u516c\u53f8\u4f9d\u820a\u6c92\u8fa6\u6cd5\u5b8c\u5168\u6062\u5fa9\u71df\u904b\u3002<\/p><\/blockquote>\n\n\n\n<p>&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1-1024x538.png\" alt=\"\" class=\"wp-image-68111\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1-1024x538.png 1024w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1-300x158.png 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1-768x403.png 768w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1-30x16.png 30w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/05\/1-1.png 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>\u6cb9\u54c1\u4f9b\u61c9\u4e2d\u65b7\u5df2\u7d93\u958b\u59cb\u5f71\u97ff\u8eca\u8f1b\u904b\u8f38\uff0c\u5728\u4e9e\u7279\u862d\u5927 (Atlanta) \u90fd\u6703\u5340\uff0c&nbsp;<a href=\"https:\/\/www.reuters.com\/business\/energy\/us-fuel-supplies-tighten-energy-pipeline-outage-enters-fifth-day-2021-05-11\/\" target=\"_blank\" rel=\"noreferrer noopener\">30% \u7684\u52a0\u6cb9\u7ad9\u90fd\u7121\u6cb9\u53ef\u8ce3<\/a>\uff0c\u5176\u4ed6\u57ce\u5e02\u56de\u5831\u7684\u6578\u64da\u4e5f\u5927\u81f4\u5982\u6b64\u3002\u70ba\u4e86\u7dad\u6301\u6c11\u751f\u5fc5\u8981\u6cb9\u54c1\u7684\u4f9b\u61c9\u7121\u865e\uff0c\u653f\u5e9c\u5df2\u767c\u5e03<a href=\"https:\/\/www.theguardian.com\/us-news\/2021\/may\/11\/us-colonial-pipeline-hack-gas-panic-buying\" target=\"_blank\" rel=\"noreferrer noopener\">\u56e4\u7a4d\u7981\u4ee4<\/a>\u3002&nbsp;<\/p>\n\n\n\n<p>\u7f8e\u570b&nbsp;<a href=\"https:\/\/www.nytimes.com\/2021\/05\/10\/us\/politics\/pipeline-hack-darkside.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u806f\u90a6\u8abf\u67e5\u5c40 (FBI) \u78ba\u8a8d\u6b64\u6b21\u653b\u64ca\u7684\u5e55\u5f8c\u5143\u51f6\u662f Darkside \u99ed\u5ba2\u96c6\u5718<\/a>\u3002Darkside \u662f\u4e00\u500b\u76f8\u5c0d\u8f03\u65b0\u7684\u52d2\u7d22\u75c5\u6bd2\u5bb6\u65cf\uff0c\u9996\u6b21\u5728 2020 \u5e74 8 \u6708\u73fe\u8eab\uff0c\u4f46\u8a72\u96c6\u5718\u4e4b\u524d\u5c31\u66fe\u7d93\u5728\u4e00\u4e9b\u7db2\u8def\u72af\u7f6a\u884c\u52d5\u7576\u4e2d\u5f97\u901e\uff0c\u56e0\u6b64\u7d2f\u7a4d\u4e86\u4e0d\u5c11\u7d93\u9a57\u3002\u6839\u64da\u5f6d\u535a\u793e (Bloomberg) \u7684\u65b0\u805e\u6307\u51fa\uff0c\u99ed\u5ba2\u96c6\u5718\u9664\u4e86\u5c07 Colonial \u516c\u53f8\u7684\u96fb\u8166\u7cfb\u7d71\u9396\u6b7b\u4e4b\u5916\uff0c\u9084\u7aca\u53d6\u4e86\u8d85\u904e <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-05-09\/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown\" target=\"_blank\" rel=\"noreferrer noopener\">100GB \u7684\u4f01\u696d\u8cc7\u6599<\/a>\u3002\u9019\u500b\u99ed\u5ba2\u96c6\u5718\u5411\u4f86\u6163\u7528\u9019\u7a2e\u96d9\u91cd\u52d2\u7d22\u4f0e\u5006\uff0c\u4e0d\u4f46\u6703\u8981\u6c42\u53d7\u5bb3\u8005\u652f\u4ed8\u8d16\u91d1\u4f86\u89e3\u9396\u96fb\u8166\uff0c\u9084\u6703\u7aca\u53d6\u4f01\u696d\u7684\u8cc7\u6599\u4e26\u8d81\u6a5f\u6572\u8a50\u4e00\u7b46\uff0c\u5982\u679c\u53d7\u5bb3\u8005\u4e0d\u4e56\u4e56\u4ed8\u9322\uff0c\u4ed6\u5011\u5c31\u6703\u516c\u958b\u5077\u4f86\u7684\u8cc7\u6599\u3002\u6211\u5011\u5f8c\u9762\u6703\u63d0\u5230\uff0c\u4e8b\u5be6\u4e0a Darkside \u5728\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u4e4b\u9593\u7b97\u662f\u76f8\u7576\u5177\u6709\u5275\u65b0\u80fd\u529b\uff0c\u7387\u5148\u958b\u767c\u51fa\u6240\u8b02\u7684\u300c\u56db\u91cd\u52d2\u7d22\u670d\u52d9\u300d\u3002<\/p>\n\n\n\n<p>Trend Micro Research \u5728\u7db2\u8def\u4e0a\u8490\u96c6\u4e86\u6578\u5341\u500b Darkside \u52d2\u7d22\u75c5\u6bd2\u6a23\u672c\uff0c\u4e26\u7814\u7a76\u4e86\u8a72\u52d2\u7d22\u75c5\u6bd2\u7684\u904b\u4f5c\u65b9\u5f0f\u4ee5\u53ca\u5b83\u6240\u7784\u6e96\u7684\u76ee\u6a19\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Darkside \u52d2\u7d22\u75c5\u6bd2<\/strong>\u6d3b\u52d5\u6642\u9593\u8868<\/h3>\n\n\n\n<!--more-->\n\n\n\n<p><br>Darkside \u52d2\u7d22\u75c5\u6bd2\u61c9\u8a72&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.nytimes.com\/2021\/05\/10\/us\/politics\/pipeline-hack-darkside.html\" target=\"_blank\">\u8ddf\u6771\u6b50\u5730\u5340\u6709\u6240\u6df5\u6e90<\/a>\uff0c\u6700\u65e9\u51fa\u73fe\u65bc 2020 \u5e74 8 \u6708\u3002\u5176\u5e55\u5f8c\u7684\u99ed\u5ba2\u96c6\u5718\u6703\u63d0\u4f9b\u6240\u8b02\u7684<a rel=\"noreferrer noopener\" href=\"https:\/\/blog.trendmicro.com.tw\/?p=29105\" target=\"_blank\">\u52d2\u7d22\u75c5\u6bd2\u670d\u52d9 (Ransomware-as-a-Service)&nbsp;<\/a> \u7d66\u5176\u4ed6\u72af\u7f6a\u96c6\u5718\u4f7f\u7528\uff0c\u4e26\u5f9e\u5176\u5229\u6f64\u7576\u4e2d\u6536\u53d6\u4e00\u5b9a\u6bd4\u4f8b\u7684\u4f63\u91d1\u3002Darkside \u662f\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u7684\u4e00\u500b\u7d55\u4f73\u7bc4\u4f8b\uff0c\u63a1\u7528\u66f4\u65b0\u7684\u5546\u696d\u6a21\u5f0f\u3002\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u5c08\u9580\u5c0b\u627e\u9ad8\u50f9\u503c\u76ee\u6a19\uff0c\u4e14\u7372\u5229\u65b9\u6cd5\u4e5f\u66f4\u591a\u6a23\u5316 (\u4f8b\u5982\u96d9\u91cd\u52d2\u7d22)\u3002\u6b64\u5916\uff0c\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u7d93\u5e38\u7531\u591a\u500b\u96c6\u5718\u806f\u5408\u57f7\u884c\u4e26\u5e73\u5206\u7372\u5229\u3002\u9019\u985e\u653b\u64ca\u6709\u6642\u5019\u770b\u8d77\u4f86\u66f4\u50cf\u662f\u9032\u968e\u6301\u7e8c\u6027\u6ef2\u900f\u653b\u64ca (APT) \u800c\u975e\u50b3\u7d71\u7684\u52d2\u7d22\u75c5\u6bd2\u4e8b\u4ef6\u3002&nbsp;&nbsp;<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u662f\u5f9e\u4e00\u4e9b\u516c\u958b\u5831\u5c0e\u7576\u4e2d\u62fc\u6e4a\u51fa\u4f86\u7684 Darkside \u6d3b\u52d5\u6642\u9593\u8868\uff1a<\/p>\n\n\n\n<ul><li><strong>2020 \u5e74 8 \u6708\uff1aDarkside \u96c6\u5718\u767c\u8868\u81ea\u5df1\u7684\u52d2\u7d22\u75c5\u6bd2\u3002<\/strong><\/li><li><strong>2020 \u5e74 10 \u6708\uff1a\u5c07\u53d7\u5bb3\u8005\u8eab\u4e0a\u62ff\u5230\u7684 2 \u842c\u7f8e\u5143\u6350\u7d66\u6148\u5584\u6a5f\u69cb\u3002<\/strong><\/li><li><strong>2020 \u5e74 11 \u6708\uff1aDarkside \u63a8\u51fa\u52d2\u7d22\u75c5\u6bd2\u670d\u52d9 (RaaS)\uff0c\u4e26\u9080\u8acb\u5176\u4ed6\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u4f7f\u7528\u8a72\u670d\u52d9\uff0c\u800c Darkside \u8cc7\u6599\u5916\u6d29\u7db2\u7ad9\u4e5f\u96a8\u5f8c\u51fa\u73fe\u3002<\/strong><\/li><li><strong>2020 \u5e74 11 \u6708\uff1a\u63a8\u51fa\u5167\u5bb9\u6d3e\u9001\u7db2\u8def (CDN) \u4f86\u5b58\u653e\u53ca\u6d3e\u9001\u5077\u4f86\u7684\u8cc7\u6599\u3002<\/strong><\/li><li><strong>2020 \u5e74 12 \u6708\uff1aDarkside \u9080\u8acb\u5a92\u9ad4\u8207\u8cc7\u6599\u5fa9\u539f\u6a5f\u69cb\u8ffd\u8e64\u4ed6\u5011\u7684<a href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/1347458694053822464?lang=en\" target=\"_blank\" rel=\"noreferrer noopener\">\u65b0\u805e\u4e2d\u5fc3<\/a><\/strong><strong>\u4f86\u638c\u63e1\u5176\u8cc7\u6599\u5916\u6d29\u7db2\u7ad9\u7684\u6700\u65b0\u52d5\u614b\u3002<\/strong><\/li><li><strong>2021 \u5e74 3 \u6708\uff1aDarkside v2 \u767c\u8868\uff0c\u5167\u542b\u591a\u9805\u66f4\u65b0\u3002<\/strong><\/li><li><strong>2021 \u5e74 5 \u6708\uff1a\u653b\u64ca Colonial Pipeline\u3002Darkside \u5728\u653b\u64ca\u5f8c\u5ba3\u7a31\u4ed6\u5011\u4e26\u7121\u653f\u6cbb\u52d5\u6a5f\uff0c\u4e26\u958b\u59cb\u7be9\u9078\u5176\u653b\u64ca\u76ee\u6a19\uff0c\u9019\u5f88\u53ef\u80fd\u662f\u5e0c\u671b\u5c07\u4f86\u53ef\u4ee5\u907f\u514d\u518d\u5f15\u8d77\u95dc\u6ce8\u3002<\/strong><\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u7a81\u7834\u9632\u7dda<\/strong><\/h3>\n\n\n\n<p><br>\u6839\u64da\u6211\u5011\u5c0d Darkside \u6a23\u672c\u7684\u7814\u7a76\uff0c\u6211\u5011\u767c\u73fe\u7db2\u8def\u91e3\u9b5a\u3001\u9060\u7aef\u684c\u9762\u901a\u8a0a\u5354\u5b9a (RDP)\u3001\u653b\u64ca\u5df2\u77e5\u6f0f\u6d1e\u662f\u4ed6\u5011\u7a81\u7834\u4f01\u696d\u9632\u7dda\u7684\u6163\u7528\u624b\u6cd5\u3002\u6b64\u5916\uff0c\u6b79\u5f92\u5728\u6574\u500b\u653b\u64ca\u904e\u7a0b\u7576\u4e2d\u9084\u6703\u4f7f\u7528\u4e00\u822c\u5e38\u898b\u7684&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/locked-loaded-and-in-the-wrong-hands-legitimate-tools-weaponized-for-ransomware-in-2021\">\u5408\u6cd5\u5de5\u5177<\/a>\u4f86\u8eb2\u907f\u5075\u6e2c\u4e26\u63a9\u8b77\u5176\u653b\u64ca\u884c\u52d5\u3002&nbsp;<\/p>\n\n\n\n<p>\u6b79\u5f92\u5728\u5075\u67e5\u8207\u7a81\u7834\u9632\u7dda\u7684\u968e\u6bb5\u6703\u6839\u64da\u4e0d\u540c\u76ee\u7684\u800c\u4f7f\u7528\u4e0b\u5217\u5e7e\u7a2e\u5408\u6cd5\u5de5\u5177\uff1a<\/p>\n\n\n\n<ul><li><strong>PowerShell &#8211; \u5075\u67e5\u3001\u5e38\u99d0<\/strong><\/li><li><strong>Metasploit Framework &#8211; \u5075\u67e5<\/strong><\/li><li><strong>Mimikatz &#8211; \u5075\u67e5<\/strong><\/li><li><strong>Bloodhound &#8211; \u5075\u67e5<\/strong><\/li><li><strong>CobaltStrike <\/strong>\u2013 <strong>\u5b89\u88dd<\/strong><\/li><\/ul>\n\n\n\n<p>\u50cf Darkside \u9019\u985e\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u4e0d\u6703\u4e00\u7a81\u7834\u9632\u7dda\u4e4b\u5f8c\u5c31\u99ac\u4e0a\u5728\u4f01\u696d\u5167\u690d\u5165\u52d2\u7d22\u75c5\u6bd2\uff0c\u99ed\u5ba2\u6703\u5148\u57f7\u884c\u4e00\u4e9b\u624b\u52d5\u4f5c\u696d\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u6a6b\u5411\u79fb\u52d5\u8207\u6b0a\u9650\u63d0\u5347<\/strong><\/h3>\n\n\n\n<p><br>\u6a6b\u5411\u79fb\u52d5\u662f\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u6d41\u7a0b\u7576\u4e2d\u6700\u91cd\u8981\u7684\u63a2\u7d22\u968e\u6bb5\u3002\u5176\u76ee\u7684\u4e00\u822c\u4f86\u8aaa\u662f\u8981\u627e\u51fa\u53d7\u5bb3\u6a5f\u69cb\u5167\u7684\u6240\u6709\u91cd\u8981\u8cc7\u6599\uff0c\u4e5f\u5c31\u662f\u5f8c\u7e8c\u8cc7\u6599\u5916\u50b3\u8207\u52a0\u5bc6\u7684\u76ee\u6a19\u6a94\u6848\u53ca\u4f4d\u7f6e\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u78ba\u8a8d Darkside \u78ba\u5be6\u5982\u5831\u5c0e\u6240\u8a00\uff0c<a href=\"https:\/\/www.cybereason.com\/blog\/cybereason-vs-darkside-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">\u5176\u6a6b\u5411\u79fb\u52d5\u7684\u76ee\u6a19\u662f\u53d6\u5f97\u7db2\u57df\u63a7\u5236\u5668 (DC) \u6216 Active Directory \u7684\u5b58\u53d6\u6b0a\u9650<\/a>\uff0c\u9032\u800c\u7aca\u53d6\u767b\u5165\u6191\u8b49\u3001\u63d0\u5347\u6b0a\u9650\u3001\u53d6\u5f97\u5176\u4ed6\u73cd\u8cb4\u8cc7\u7522\uff0c\u4ee5\u4fbf\u80fd\u5c07\u5077\u5230\u7684\u8cc7\u6599\u5916\u50b3\u3002\u63a5\u8457\uff0c\u5b83\u6703\u7e7c\u7e8c\u5728\u7cfb\u7d71\u9593\u6a6b\u5411\u79fb\u52d5\uff0c\u6700\u5f8c\u518d\u7d93\u7531 DC \u7db2\u8def\u5171\u7528\u8cc7\u6599\u593e\u5c07\u52d2\u7d22\u75c5\u6bd2\u690d\u5165\u7db2\u8def\u4e0a\u7684\u96fb\u8166\u3002Darkside \u6240\u63a1\u7528\u7684\u4e00\u4e9b\u5df2\u77e5\u6a6b\u5411\u79fb\u52d5\u6280\u5de7\u90fd\u6703\u7528\u5230 PSExec \u548c RDP\u3002\u4f46\u5982\u540c\u6211\u5011\u524d\u9762\u6240\u8aaa\uff0c\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u96c6\u5718\u7684\u884c\u70ba\u66f4\u50cf\u6211\u5011\u6240\u8a8d\u77e5\u7684 APT \u96c6\u5718\uff0c\u4ed6\u5011\u6703\u91dd\u5c0d\u53d7\u5bb3\u8005\u7684\u7db2\u8def\u9632\u79a6\u63aa\u65bd\u8abf\u6574\u81ea\u5df1\u7684\u5de5\u5177\u548c\u65b9\u6cd5\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u8cc7\u6599\u5916\u50b3<\/strong><\/h3>\n\n\n\n<p><br>\u63a1\u7528\u96d9\u91cd\u52d2\u7d22\u6280\u5006\u7684\u52d2\u7d22\u75c5\u6bd2\uff0c\u901a\u5e38\u6703\u5148\u5c07\u4f01\u696d\u95dc\u9375\u8cc7\u6599\u5916\u50b3\u4e4b\u5f8c\u518d\u767c\u52d5\u52d2\u7d22\u75c5\u6bd2\u3002\u6b64\u6642\u662f\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u6700\u5bb9\u6613\u88ab\u767c\u73fe\u7684\u968e\u6bb5\uff0c\u56e0\u70ba\u8cc7\u5b89\u5718\u968a\u5f88\u53ef\u80fd\u6703\u6ce8\u610f\u5230\u8cc7\u6599\u5916\u50b3\u7684\u6d41\u91cf\u3002\u800c\u4e14\u9019\u662f\u690d\u5165\u52d2\u7d22\u75c5\u6bd2\u524d\u7684\u6700\u5f8c\u4e00\u500b\u6b65\u9a5f\uff0c\u6240\u4ee5\u99ed\u5ba2\u901a\u5e38\u6703\u5728\u6b64\u6642\u52a0\u5feb\u8173\u6b65\uff0c\u76e1\u53ef\u80fd\u5728\u88ab\u6514\u622a\u4e4b\u524d\u5b8c\u6210\u3002<\/p>\n\n\n\n<p>\u6211\u5011\u767c\u73fe\uff0c\u99ed\u5ba2\u5728\u8cc7\u6599\u5916\u50b3\u968e\u6bb5\u6703\u7528\u5230\u4ee5\u4e0b\u5e7e\u9805\u5de5\u5177\uff1a<\/p>\n\n\n\n<ul><li><strong>7-zip &#8211; \u5c07\u6e96\u5099\u5916\u50b3\u7684\u6a94\u6848\u58d3\u7e2e\u3002<\/strong><\/li><li><strong>Rclone \u8207 Mega Client &#8211; \u7528\u4f86\u5c07\u6a94\u6848\u4e0a\u50b3\u81f3\u96f2\u7aef\u5132\u5b58\u670d\u52d9\u7684\u7b2c\u4e09\u65b9\u5de5\u5177\u3002<\/strong><\/li><li><strong>PuTTy &#8211; \u66ff\u4ee3\u7684\u6a94\u6848\u50b3\u8f38\u5de5\u5177\u3002<\/strong><\/li><\/ul>\n\n\n\n<p>\u8cc7\u5b89\u5c08\u5bb6\u767c\u73fe\uff0cDarkside \u99ed\u5ba2\u96c6\u5718\u6703\u5229\u7528\u591a\u500b\u67b6\u8a2d\u5728 Tor \u7db2\u8def\u4e0a\u7684<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u8cc7\u6599\u5916\u6d29\u7db2\u7ad9<\/a>\u4f86\u5b58\u653e\u5176\u7aca\u53d6\u7684\u8cc7\u6599\u3002\u6839\u64da\u5831\u5c0e\u6307\u51fa\uff0c&nbsp;<a href=\"https:\/\/www.areteir.com\/darkside-ransomware-caviar-taste-on-your-big-game-budget\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mega.nz \u548c privatelab<\/a> \u5c31\u662f\u8a72\u96c6\u5718\u7528\u5230\u7684\u5169\u500b\u6a94\u6848\u5206\u4eab\u670d\u52d9\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u57f7\u884c\u52d2\u7d22\u75c5\u6bd2\u9020\u6210\u885d\u64ca<\/strong><\/h3>\n\n\n\n<p><br>\u63a5\u4e0b\u4f86\u7684\u6b65\u9a5f\u5c31\u662f\u771f\u6b63\u57f7\u884c\u52d2\u7d22\u75c5\u6bd2\uff0c\u6b64\u52d2\u7d22\u75c5\u6bd2\u5728\u9019\u968e\u6bb5\u8207 ReVil \u6709\u8a31\u591a\u76f8\u4f3c\u4e4b\u8655\uff0c\u5305\u62ec\u52d2\u7d22\u8a0a\u606f\u7684\u7d50\u69cb\u3001\u4f7f\u7528 PowerShell \u4f86\u57f7\u884c\u6307\u4ee4\u4ee5\u4fbf\u5f9e\u7db2\u8def\u522a\u9664\u9670\u5f71\u526f\u672c\u3002\u6b64\u5916\uff0c\u5169\u8005\u90fd\u4f7f\u7528\u76f8\u540c\u7684\u7a0b\u5f0f\u78bc\u4f86\u78ba\u8a8d\u53d7\u5bb3\u6a5f\u69cb\u4e0d\u5728\u7368\u7acb\u570b\u5354 (CIS) \u570b\u5bb6\u5883\u5167\u3002<\/p>\n\n\n\n<p>\u9664\u4e86\u4f7f\u7528 PowerShell \u4f86\u5b89\u88dd\u8207\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u672c\u9ad4\u4e4b\u5916\uff0c\u5831\u5c0e\u66f4\u6307\u51fa<a href=\"https:\/\/www.cybereason.com\/blog\/cybereason-vs-darkside-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">\u99ed\u5ba2\u9084\u6703\u4f7f\u7528 Certutil \u8207 Bitsadmin \u4f86\u4e0b\u8f09\u52d2\u7d22\u75c5\u6bd2<\/a>\u3002\u81f3\u65bc\u52a0\u5bc6\u65b9\u6cd5\u5247\u6709\u5169\u7a2e\uff0c\u8996\u76ee\u6a19\u4f5c\u696d\u7cfb\u7d71\u800c\u5b9a\uff0c\u5982\u679c\u662f Linux \u5c31\u4f7f\u7528 ChaCha8 \u4e32\u6d41\u52a0\u5bc6\u6cd5\u642d\u914d RSA-4096\uff0c\u82e5\u662f Windows \u5c31\u4f7f\u7528 Salsa20 \u642d\u914d RSA-1024\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u662f Darkside \u7684\u52d2\u7d22\u8a0a\u606f\u7bc4\u4f8b\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/e\/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attack\/fig1-darksideransomware.jpg\" alt=\"Figure 1. A DarkSide ransom note\"\/><figcaption>\u5716 1\uff1aDarkside \u52d2\u7d22\u8a0a\u606f\u5167\u5bb9\u3002<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>MITRE ATT&amp;CK \u653b\u64ca\u6280\u5de7<\/strong><\/h3>\n\n\n\n<p><br>\u4ee5\u4e0b\u662f Darkside \u52d2\u7d22\u75c5\u6bd2\u6240\u7528\u5230\u7684 MITRE ATT&amp;CK \u653b\u64ca\u624b\u6cd5\u8207\u6280\u5de7\u3002<\/p>\n\n\n\n<p><strong>\u5075\u67e5<\/strong><\/p>\n\n\n\n<ul><li><strong>T1590 (\u8490\u96c6\u53d7\u5bb3\u8005\u7db2\u8def\u8cc7\u8a0a)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u7a81\u7834\u9632\u7dda<\/strong><\/p>\n\n\n\n<ul><li><strong>T1078 (\u5408\u6cd5\u5e33\u865f)<\/strong><\/li><li><strong>T1566 (\u7db2\u8def\u91e3\u9b5a)<\/strong><\/li><li><strong>T1190 (\u7d93\u7531\u6f0f\u6d1e\u653b\u64ca\u4f01\u696d\u5c0d\u5916\u7684\u61c9\u7528\u7a0b\u5f0f)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u57f7\u884c\u653b\u64ca<\/strong><\/p>\n\n\n\n<ul><li><strong>T1059.004 (\u6307\u4ee4\u8207\u8173\u672c\u89e3\u8b6f\u5668\uff1aUnix \u6307\u4ee4\u5217\u4ecb\u9762\u7a0b\u5f0f)<\/strong><\/li><li><strong>T1059.001 (\u6307\u4ee4\u8207\u8173\u672c\u89e3\u8b6f\u5668\uff1aPowerShell)<\/strong><\/li><li><strong>T1569 (\u7cfb\u7d71\u670d\u52d9)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u5e38\u99d0\u7cfb\u7d71<\/strong><\/p>\n\n\n\n<ul><li><strong>T1078 (\u5408\u6cd5\u5e33\u865f)<\/strong><\/li><li><strong>T1053 (\u6392\u7a0b\u5de5\u4f5c)<\/strong><\/li><li><strong>T1098 (\u5e33\u865f\u7be1\u6539)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u63d0\u5347\u6b0a\u9650<\/strong><\/p>\n\n\n\n<ul><li><strong>T1548.002 (\u64cd\u5f04\u6b0a\u9650\u63a7\u5236\u6a5f\u5236\uff1a\u7565\u904e UAC \u4f7f\u7528\u8005\u5e33\u6236\u63a7\u5236)<\/strong><\/li><li><strong>T1036 (\u507d\u88dd)<\/strong><\/li><li><strong>T1140 (\u89e3\u5bc6\/\u89e3\u78bc\u6a94\u6848\u6216\u8cc7\u8a0a)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u8eb2\u907f\u9632\u79a6<\/strong><\/p>\n\n\n\n<ul><li><strong>T1222.002 (\u6a94\u6848\u8207\u76ee\u9304\u6b0a\u9650\u4fee\u6539\uff1aLinux \u548c Mac \u6a94\u6848\u8207\u76ee\u9304\u6b0a\u9650\u4fee\u6539)<\/strong><\/li><li><strong>T1214 (\u7cfb\u7d71\u767b\u9304\u4e2d\u7684\u767b\u5165\u6191\u8b49)<\/strong><\/li><li><strong>T1083 (\u6a94\u6848\u8207\u76ee\u9304\u641c\u5c0b)<\/strong><\/li><li><strong>T1055 (\u8655\u7406\u7a0b\u5e8f\u6ce8\u5165\uff1aDLL \u52d5\u614b\u9023\u7d50\u7a0b\u5f0f\u5eab\u6ce8\u5165)<\/strong><\/li><li><strong>T1500 (\u5728\u6d3e\u9001\u4e4b\u5f8c\u7d44\u8b6f)<\/strong><\/li><li><strong>T1562.001 (\u964d\u4f4e\u9632\u79a6\uff1a\u505c\u7528\u6216\u7be1\u6539\u5de5\u5177)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u5b58\u53d6\u767b\u5165\u6191\u8b49<\/strong><\/p>\n\n\n\n<ul><li><strong>T1555 (\u5f9e\u5bc6\u78bc\u5132\u5b58\u5340\u622a\u53d6\u767b\u5165\u6191\u8b49)<\/strong><\/li><li><strong>T1082 (\u7cfb\u7d71\u8cc7\u8a0a\u641c\u5c0b)<\/strong><\/li><li><strong>T1071 (\u6a19\u6e96\u61c9\u7528\u7a0b\u5f0f\u5c64\u901a\u8a0a\u5354\u5b9a)<\/strong><\/li><li><strong>T1057 (\u8655\u7406\u7a0b\u5e8f\u641c\u5c0b)<\/strong><\/li><li><strong>T1555.003 (\u5f9e\u5bc6\u78bc\u5132\u5b58\u5340\u622a\u53d6\u767b\u5165\u6191\u8b49\uff1a\u7db2\u9801\u700f\u89bd\u5668\u5132\u5b58\u7684\u767b\u5165\u6191\u8b49)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u641c\u5c0b<\/strong><\/p>\n\n\n\n<ul><li><strong>T1087 (\u5e33\u865f\u641c\u5c0b)<\/strong><\/li><li><strong>T1105 (\u9060\u7aef\u6a94\u6848\u8907\u88fd)<\/strong><\/li><li><strong>T1490 (\u9632\u6b62\u7cfb\u7d71\u5fa9\u539f)<\/strong><\/li><li><strong>T1105 (\u5c0d\u5167\u50b3\u8f38\u5de5\u5177)<\/strong><\/li><li><strong>T1087.002 (\u5e33\u865f\u641c\u5c0b\uff1a\u7db2\u57df\u5e33\u865f)<\/strong><\/li><li><strong>T1482 (\u7db2\u57df\u4fe1\u4efb\u641c\u5c0b)<\/strong><\/li><li><strong>T1069.002 (\u6b0a\u9650\u7fa4\u7d44\u641c\u5c0b\uff1a\u7db2\u57df\u7fa4\u7d44)<\/strong><\/li><li><strong>T1018 (\u9060\u7aef\u7cfb\u7d71\u641c\u5c0b)<\/strong><\/li><li><strong>T1016 (\u7cfb\u7d71\u7db2\u8def\u7d44\u614b\u641c\u5c0b)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u6a6b\u5411\u79fb\u52d5<\/strong><\/p>\n\n\n\n<ul><li><strong>T1080 (\u6c59\u67d3\u5171\u7528\u5167\u5bb9)<\/strong><\/li><li><strong>T1486 (\u5229\u7528\u8cc7\u6599\u52a0\u5bc6\u9020\u6210\u885d\u64ca)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u8490\u96c6<\/strong><\/p>\n\n\n\n<ul><li><strong>T1113 (\u87a2\u5e55\u622a\u5716)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u5e55\u5f8c\u64cd\u7e31 (C&amp;C)<\/strong><\/p>\n\n\n\n<ul><li><strong>T1043 (\u5e38\u7528\u9023\u63a5\u57e0)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u8cc7\u6599\u5916\u50b3<\/strong><\/p>\n\n\n\n<ul><li><strong>T1567.002 (\u7d93\u7531\u7db2\u7ad9\u670d\u52d9\u5c07\u8cc7\u6599\u5916\u50b3\uff1a\u5916\u50b3\u81f3\u96f2\u7aef\u5132\u5b58)<\/strong><\/li><li><strong>T1048 (\u7d93\u7531\u5176\u4ed6\u901a\u8a0a\u5354\u5b9a\u5c07\u8cc7\u6599\u5916\u50b3)<\/strong><\/li><\/ul>\n\n\n\n<p><strong>\u885d\u64ca<\/strong><\/p>\n\n\n\n<ul><li><strong>T1489 (\u670d\u52d9\u505c\u6b62)<\/strong><\/li><\/ul>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u7d50\u8ad6<\/strong><\/h3>\n\n\n\n<p><br>\u52d2\u7d22\u75c5\u6bd2\u662f\u4e00\u9805\u5b58\u5728\u5df2\u4e45\u4f46\u537b\u4ecd\u5728\u6301\u7e8c\u6f14\u9032\u7684\u5a01\u8105\u3002\u5f9e\u672c\u9031\u6240\u767c\u751f\u7684\u4e8b\u4ef6\u5c31\u80fd\u770b\u51fa\uff0c\u4eca\u65e5\u7684\u52d2\u7d22\u75c5\u6bd2\u5728\u8a31\u591a\u65b9\u9762\u90fd\u5df2\u7d93\u6539\u8b8a\uff1a\u66f4\u5927\u7684\u653b\u64ca\u76ee\u6a19\u3001\u65b0\u7684\u52d2\u7d22\u6280\u5de7\u3001\u8d85\u51fa\u53d7\u5bb3\u8005\u672c\u8eab\u7684\u9577\u9060\u6548\u61c9\u3002&nbsp;<\/p>\n\n\n\n<p>\u52d2\u7d22\u75c5\u6bd2\u96c6\u5718\u4e0d\u518d\u53ea\u6eff\u8db3\u65bc\u5c07\u96fb\u8166\u9396\u6b7b\u8b93\u4f01\u696d\u7121\u6cd5\u52d5\u5f48\u597d\u52d2\u7d22\u8d16\u91d1\uff0c\u73fe\u5728\uff0c\u4ed6\u5011\u9084\u6703\u6df1\u5165\u6316\u6398\u4f01\u696d\u7db2\u8def\u4ee5\u4fbf\u627e\u5230\u65b0\u7684\u7372\u5229\u7ba1\u9053\u3002\u4f8b\u5982\uff0c\u67d0\u500b\u906d\u5230\u99ed\u5ba2\u5165\u4fb5\u7684\u96f2\u7aef\u4f3a\u670d\u5668\u5c31<a href=\"https:\/\/blog.trendmicro.com\/the-lifecycle-of-a-compromised-cloud-server\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u7d93\u6b77\u4e86\u4e00\u6574\u5957\u653b\u64ca\u6d41\u7a0b<\/a>\uff0c\u5f9e\u7a81\u7834\u9632\u7dda\u3001\u8cc7\u6599\u906d\u7aca\u53d6\u5916\u50b3\u3001\u8cc7\u6599\u906d\u5230\u8f49\u8ce3\uff0c\u7136\u5f8c\u99ed\u5ba2\u9084\u51fa\u552e\u8a72\u4f3a\u670d\u5668\u7684\u5b58\u53d6\u6b0a\u9650\u4f86\u8cfa\u9322\u3002\u5df2\u906d\u5165\u4fb5\u7684\u4f01\u696d\u8cc7\u7522\uff0c\u5728\u5730\u4e0b\u5e02\u5834\u4e0a\u53ef\u8aaa\u662f\u4e00\u7a2e\u66b4\u5229\u5546\u54c1\uff0c\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u6df1\u77e5<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=65725\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u653b\u64ca\u4f01\u696d\u4f3a\u670d\u5668\u4f86\u8cfa\u9322<\/a>\u3002<\/p>\n\n\n\n<p>\u5728 Colonial \u4e8b\u4ef6\u4e2d\uff0c\u53d7\u5bb3\u8005\u906d\u5230\u4e86\u96d9\u91cd\u52d2\u7d22\uff0c\u4f46\u5728\u6709\u4e9b\u6848\u4f8b\u7576\u4e2d\uff0c\u99ed\u5ba2\u751a\u81f3\u6703\u66f4\u904e\u5206\u3002\u8da8\u52e2\u79d1\u6280\u5168\u7403\u5a01\u8105\u901a\u8a0a\u7e3d\u76e3 Jon Clay \u6458\u8981\u5217\u51fa\u52d2\u7d22\u75c5\u6bd2\u767c\u5c55\u7684\u5e7e\u500b\u968e\u6bb5\uff1a<\/p>\n\n\n\n<ul><li><strong>\u7b2c 1 \u968e\u6bb5\uff1a\u55ae\u7d14\u53ea\u6709\u52d2\u7d22\u75c5\u6bd2\u3002\u5c07\u6a94\u6848\u52a0\u5bc6\uff0c\u7559\u4e0b\u4e00\u5c01\u52d2\u7d22\u8a0a\u606f\uff0c\u7136\u5f8c\u7b49\u8457\u6536\u9322 (\u6bd4\u7279\u5e63)\u3002<\/strong><\/li><li><strong>\u7b2c 2 \u968e\u6bb5\uff1a\u96d9\u91cd\u52d2\u7d22\u3002\u7b2c 1 \u968e\u6bb5 + \u5c07\u8cc7\u6599\u5916\u50b3\u7136\u5f8c\u5a01\u8105\u516c\u958b\u8cc7\u6599\u3002Maze \u662f\u7b2c\u4e00\u500b\u63a1\u7528\u6b64\u624b\u6cd5\u7684\u5df2\u77e5\u6848\u4f8b\uff0c\u96a8\u5f8c\u5176\u4ed6\u72af\u7f6a\u96c6\u5718\u4e5f\u7acb\u5373\u8ddf\u9032\u3002<\/strong><\/li><li><strong>\u7b2c 3 \u968e\u6bb5\uff1a\u4e09\u91cd\u52d2\u7d22\u3002\u7b2c 1 \u968e\u6bb5 + \u7b2c 2 \u968e\u6bb5\uff0c\u7136\u5f8c\u518d\u642d\u914d DDoS \u653b\u64ca\u5a01\u8105\u3002Avaddon \u662f\u7b2c\u4e00\u500b\u63a1\u7528\u6b64\u624b\u6cd5\u7684\u5df2\u77e5\u6848\u4f8b\u3002<\/strong><\/li><li><strong>\u7b2c 4 \u968e\u6bb5\uff1a\u56db\u91cd\u52d2\u7d22\u3002\u7b2c 1 \u968e\u6bb5 + (\u53ef\u80fd\u642d\u914d\u7b2c 2 \u968e\u6bb5\u6216\u7b2c 3 \u968e\u6bb5) + \u76f4\u63a5\u767c\u9001\u90f5\u4ef6\u7d66\u53d7\u5bb3\u8005\u7684\u5ba2\u6236\uff0c\u6216\u8005\u96c7\u7528\u96fb\u8a2a\u4e2d\u5fc3\u8ddf\u5ba2\u6236\u806f\u7e6b\u3002<\/strong><\/li><\/ul>\n\n\n\n<p>\u4e8b\u5be6\u4e0a\uff0c\u5982\u540c\u4e00\u4e9b<a href=\"https:\/\/krebsonsecurity.com\/2021\/05\/a-closer-look-at-the-darkside-ransomware-gang\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u8cc7\u5b89\u5831\u544a<\/a>\u6307\u51fa\uff0cDarkside \u9084\u5177\u5099\u4e86 DDOS \u548c\u96fb\u8a2a\u4e2d\u5fc3\u5169\u7a2e\u529f\u80fd\u3002\u4ed6\u5011\u6703\u63d0\u4f9b\u56db\u91cd\u52d2\u7d22\u529f\u80fd\u7d66\u5176\u4ed6\u72af\u7f6a\u96c6\u5718\u4f7f\u7528\uff0c\u6240\u4ee5\u986f\u7136\u5177\u5099\u76f8\u7576\u7684\u5275\u65b0\u80fd\u529b\u3002\u5728\u7db2\u8def\u72af\u7f6a\u9818\u57df\uff0c\u6240\u6709\u7684\u5de5\u5177\u548c\u6280\u5de7\u90fd\u6c92\u6709\u6240\u8b02\u7684\u7248\u6b0a\u6216\u5c08\u5229\u3002\u56e0\u6b64\uff0c\u6240\u8b02\u7684\u5275\u65b0\u5c31\u662f\u8fc5\u901f\u5b8c\u5168\u8907\u88fd\u4ed6\u4eba\u7684\u6700\u4f73\u624b\u6cd5\u7136\u5f8c\u518d\u958b\u767c\u51fa\u65b0\u7684\u7248\u672c\u3002&nbsp;<\/p>\n\n\n\n<p>\u9019\u5c31\u662f\u672a\u4f86\u6211\u5011\u5c07\u6703\u770b\u5230\u7684\u52d2\u7d22\u75c5\u6bd2\u578b\u614b\uff0c\u56e0\u6b64\uff0c\u4f01\u696d\u6a5f\u69cb\u61c9\u82b1\u9ede\u6642\u9593<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/tips-to-avoid-new-wave-ransomware-attacks.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u91dd\u5c0d\u65b0\u7684\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u578b\u614b\u64ec\u5b9a\u4e00\u5957\u4e8b\u4ef6\u61c9\u8b8a\u8a08\u756b<\/a>\u3002<\/p>\n\n\n\n<p>\u4e0d\u5e78\u7684\u662f\uff0c\u67d0\u4e9b\u6a5f\u69cb\u6216\u8a31\u672a\u628a\u7db2\u8def\u8cc7\u5b89\u5217\u5728\u7b2c\u4e00\u9806\u4f4d\uff0c\u4f8b\u5982\uff0c<a href=\"https:\/\/twitter.com\/nicoleperlroth\/status\/1392196162493444098?s=20https:\/\/twitter.com\/nicoleperlroth\/status\/1392196162493444098?s=20\" target=\"_blank\" rel=\"noreferrer noopener\">\u8cc7\u5b89\u5c08\u5bb6<\/a>\u6307\u51fa Colonial \u4ecd\u5728\u4f7f\u7528\u5148\u524d\u542b\u6709\u6f0f\u6d1e\u7684 Microsoft Exchange \u7248\u672c\uff0c\u800c\u4e14\u9084\u5b58\u5728\u8457\u4e00\u4e9b\u5176\u4ed6\u7684\u7db2\u8def\u8cc7\u5b89\u6f0f\u6d1e\u3002\u4e00\u4e9b\u63d0\u4f9b\u6c11\u751f\u5fc5\u9700\u670d\u52d9\u7684\u4f01\u696d\u4e00\u65e6\u906d\u5230\u99ed\u5ba2\u653b\u64ca\uff0c\u5c07\u9023\u5e36\u5f15\u767c\u5404\u7a2e\u5f8c\u7e8c\u6548\u61c9\uff0c\u5c0d\u793e\u6703\u5404\u5c64\u9762\u5e36\u4f86\u640d\u5bb3\uff0c\u9019\u5c31\u662f\u70ba\u4f55\u78ba\u4fdd\u9019\u985e\u670d\u52d9\u7684\u5b89\u5168\u662f\u512a\u5148\u8981\u52d9\u3002<\/p>\n\n\n\n<p>\u7f8e\u570b\u53c3\u8b70\u9662\u4e00\u5834\u6709\u95dc\u7db2\u8def\u8cc7\u5b89\u5a01\u8105\u7684\u807d\u8b49\u6703\u4e0a\uff0c\u4fc4\u4ea5\u4fc4\u5dde\u53c3\u8b70\u54e1 Rob Portman \u5f62\u5bb9 <a href=\"https:\/\/www.reuters.com\/business\/energy\/us-fuel-supplies-tighten-energy-pipeline-outage-enters-fifth-day-2021-05-11\/\" target=\"_blank\" rel=\"noreferrer noopener\">Colonial \u653b\u64ca\u4e8b\u4ef6<\/a>\u300c\u6216\u8a31\u662f\u6709\u53f2\u4ee5\u4f86\u91dd\u5c0d\u7f8e\u570b\u91cd\u5927\u57fa\u790e\u8a2d\u65bd\u6700\u91cd\u5927\u3001\u4e5f\u6700\u56b4\u91cd\u7684\u4e00\u6b21\u653b\u64ca\u3002\u300d\u6b64\u6b21\u653b\u64ca\u5c0d\u6240\u6709\u4f01\u696d\u6a5f\u69cb\u90fd\u662f\u4e00\u9805\u8b66\u60d5\uff0c\u4f01\u696d\u61c9\u8a72\u5f37\u5316\u5176\u7db2\u8def\u5a01\u8105\u9632\u8b77\uff0c\u4e26\u63d0\u5347\u5075\u6e2c\u99ed\u5ba2\u7684\u80fd\u529b\u3002\u8da8\u52e2\u79d1\u6280\u63a1\u7528\u591a\u5c64\u5f0f\u7db2\u8def\u8cc7\u5b89\u5e73\u53f0\u4f86\u63d0\u5347\u5075\u6e2c\u53ca\u56de\u61c9\u6700\u65b0\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u7684\u80fd\u529b\u4e26\u63d0\u9ad8\u5a01\u8105\u7684\u53ef\u8996\u6027\u3002\u8acb\u53c3\u95b1 <a href=\"https:\/\/www.trendmicro.com\/zh_tw\/business\/products\/detection-response.html\" target=\"_blank\" rel=\"noreferrer noopener\">Trend Micro Vision One<\/a> \u5e73\u53f0\u4f86\u4e86\u89e3\u66f4\u591a\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html\">What We Know About Darkside Ransomware and the US Pipeline Attack<\/a><\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>5 \u6708 7 \u65e5\uff0c\u4e00\u8d77\u52d2\u7d22\u75c5\u6bd2 Ransomware (\u52d2\u7d22\u8edf\u9ad4\/\u7d81\u67b6\u75c5\u6bd2)\u653b\u64ca\u9020\u6210\u8ca0\u8cac\u7f8e\u570b\u6771\u5cb8\u8fd1\u534a\u6578\u6cb9\u7ba1\u904b\u8f38\u7684 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[2266,179],"tags":[4820,4818,2559,4179,4819],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/68108"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=68108"}],"version-history":[{"count":5,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/68108\/revisions"}],"predecessor-version":[{"id":68120,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/68108\/revisions\/68120"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=68108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=68108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=68108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}