{"id":68204,"date":"2021-05-21T09:00:00","date_gmt":"2021-05-21T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=68204"},"modified":"2021-05-20T12:13:29","modified_gmt":"2021-05-20T04:13:29","slug":"darkside-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e8%88%87%e7%be%8e%e5%9c%8b%e8%bc%b8%e6%b2%b9%e7%ae%a1%e6%94%bb%e6%93%8a%e4%ba%8b%e4%bb%b6-2","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=68204","title":{"rendered":"DarkSide \u52d2\u7d22\u75c5\u6bd2\u8207\u7f8e\u570b\u8f38\u6cb9\u7ba1\u653b\u64ca\u4e8b\u4ef6(\u66f4\u65b0)"},"content":{"rendered":"\n

<\/h1>\n\n\n\n

\u8da8\u52e2\u79d1\u6280 Trend Micro Research \u5728\u7db2\u8def\u4e0a\u8490\u96c6\u4e86\u6578\u5341\u500b DarkSide \u52d2\u7d22\u75c5\u6bd2\u6a23\u672c\uff0c\u4e26\u7814\u7a76\u4e86\u8a72\u52d2\u7d22\u75c5\u6bd2\u96c6\u5718\u7684\u904b\u4f5c\u65b9\u5f0f\u4ee5\u53ca\u5b83\u6240\u7784\u6e96\u7684\u76ee\u6a19\u3002\u00a0<\/p><\/blockquote>\n\n\n\n

\u672c\u6587\u5df2\u66f4\u65b0\uff0c\u589e\u52a0\u4e86\u4e0d\u5c11\u6709\u95dc DarkSide \u53d7\u5bb3\u8005\u7684\u53c3\u8003\u8cc7\u6599\u3002<\/em><\/strong><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n
<\/div>\n\n\n\n

5 \u6708 7 \u65e5\uff0c\u4e00\u8d77\u52d2\u7d22\u75c5\u6bd2<\/a>\u653b\u64ca\u9020\u6210\u8ca0\u8cac\u7f8e\u570b\u6771\u5cb8\u8fd1\u534a\u6578\u6cb9\u7ba1\u904b\u8f38\u7684 Colonial Pipeline<\/a> \u516c\u53f8\u4e3b\u52d5\u95dc\u9589\u71df\u696d\uff0c\u4f7f\u5f97\u6c7d\u6cb9\u3001\u67f4\u6cb9\u3001\u5bb6\u7528\u6696\u6c23\u7528\u6cb9\u3001\u5674\u5c04\u6a5f\u7528\u6cb9\u3001\u8ecd\u7528\u6cb9\u54c1\u5168\u90e8\u53d7\u5230\u56b4\u91cd\u885d\u64ca\u3002\u7f8e\u570b\u806f\u90a6\u6a5f\u52d5\u904b\u8f38\u5b89\u5168\u7ba1\u7406\u5c40 (Federal Motor Carrier Safety Administration\uff0c\u7c21\u7a31 FMCSA)  \u5728\u5168\u7f8e 18 \u5dde\u767c\u5e03\u7dca\u6025\u72c0\u614b<\/a>\u4f86\u7de9\u89e3\u6cb9\u54c1\u4f9b\u61c9\u4e2d\u65b7\u7684\u554f\u984c\u3002<\/p>\n\n\n\n

\u81ea\u99ed\u5ba2\u653b\u64ca\u9020\u6210 Colonial Pipeline \u71df\u904b\u95dc\u9589\u4ee5\u4f86\u5df2\u7d93\u904e\u4e86\u4e94\u5929\uff0c\u8a72\u516c\u53f8\u4f9d\u820a\u6c92\u8fa6\u6cd5\u5b8c\u5168\u6062\u5fa9\u71df\u904b\u3002\u6cb9\u54c1\u4f9b\u61c9\u4e2d\u65b7\u5df2\u7d93\u958b\u59cb\u5f71\u97ff\u8eca\u8f1b\u904b\u8f38\uff0c\u5728 \u4e9e\u7279\u862d\u5927 (Atlanta) \u90fd\u6703\u5340\uff0c30% \u7684\u52a0\u6cb9\u7ad9\u90fd\u7121\u6cb9\u53ef\u8ce3<\/a>\uff0c\u5176\u4ed6\u57ce\u5e02\u56de\u5831\u7684\u6578\u64da\u4e5f\u5927\u81f4\u5982\u6b64\u3002\u70ba\u4e86\u7dad\u6301\u6c11\u751f\u5fc5\u8981\u6cb9\u54c1\u7684\u4f9b\u61c9\u7121\u865e\uff0c\u653f\u5e9c\u5df2\u767c\u5e03\u56e4\u7a4d\u7981\u4ee4<\/a>\u3002 <\/p>\n\n\n\n

\u7f8e\u570b\u806f\u90a6\u8abf\u67e5\u5c40 (FBI) \u78ba\u8a8d\u6b64\u6b21\u653b\u64ca\u7684\u5e55\u5f8c\u5143\u51f6\u662f\u4f86\u81ea\u6771\u6b50\u7684 DarkSide \u99ed\u5ba2\u96c6\u5718<\/a>\uff0c\u8a72\u96c6\u5718\u6240\u7528\u7684\u52d2\u7d22\u75c5\u6bd2\u662f\u4e00\u500b\u76f8\u5c0d\u8f03\u65b0\u7684\u5bb6\u65cf\uff0c\u9996\u6b21\u5728 2020 \u5e74 8 \u6708\u73fe\u8eab\uff0c\u4f46\u8a72\u96c6\u5718\u4e4b\u524d\u5c31\u66fe\u7d93\u5728\u4e00\u4e9b\u7db2\u8def\u72af\u7f6a\u884c\u52d5\u7576\u4e2d\u5f97\u901e\uff0c\u56e0\u6b64\u7d2f\u7a4d\u4e86\u4e0d\u5c11\u7d93\u9a57\u3002<\/p>\n\n\n\n

\u9664\u4e86\u5c07 Colonial Pipeline \u7684\u96fb\u8166\u7cfb\u7d71\u9396\u6b7b\u4e4b\u5916\uff0c DarkSide<\/a> \u9084\u7aca\u53d6\u4e86\u8d85\u904e 100 GB \u7684\u4f01\u696d\u8cc7\u6599<\/a>\u3002\u9019\u500b\u7aca\u53d6\u8cc7\u6599\u7684\u52d5\u4f5c\u53cd\u800c\u66f4\u6709\u6bba\u50b7\u529b\uff0c\u8a72\u96c6\u5718\u5411\u4f86\u6163\u7528\u96d9\u91cd\u52d2\u7d22\u7684\u4f0e\u5006\uff0c\u4e0d\u4f46\u6703\u8981\u6c42\u53d7\u5bb3\u8005\u652f\u4ed8\u8d16\u91d1\u4f86\u89e3\u9396\u96fb\u8166\uff0c\u9084\u6703\u7aca\u53d6\u4f01\u696d\u7684\u8cc7\u6599\u4e26\u8d81\u6a5f\u6572\u8a50\u4e00\u7b46\u3002\u6211\u5011\u5f8c\u9762\u6703\u63d0\u5230\uff0c\u4e8b\u5be6\u4e0a DarkSide \u5728\u7db2\u8def\u72af\u7f6a\u96c6\u5718\u4e4b\u9593\u7b97\u662f\u76f8\u7576\u5177\u6709\u5275\u65b0\u80fd\u529b\uff0c\u7387\u5148\u958b\u767c\u51fa\u6240\u8b02\u7684\u300c\u56db\u91cd\u52d2\u7d22\u670d\u52d9\u300d\u3002<\/p>\n\n\n\n

\u8a72\u96c6\u5718\u5728 5 \u6708 12 \u65e5\u53c8\u516c\u5e03\u4e86\u4e09\u5bb6\u53d7\u5bb3\u4f01\u696d<\/a>\uff1a\u4e00\u5bb6\u4f4d\u65bc\u8607\u683c\u862d\u7684\u5efa\u8a2d\u516c\u53f8\u3001\u4e00\u5bb6\u5df4\u897f\u518d\u751f\u80fd\u6e90\u7522\u54c1\u7d93\u92b7\u5546\u516c\u53f8\uff0c\u4ee5\u53ca\u4e00\u5bb6\u7f8e\u570b\u79d1\u6280\u670d\u52d9\u7d93\u92b7\u5546\u3002DarkSide \u96c6\u5718\u5ba3\u7a31\u7e3d\u5171\u5f9e\u9019\u4e09\u5bb6\u516c\u53f8\u7aca\u53d6\u4e86 1.9 GB \u7684\u8cc7\u6599\uff0c\u5305\u62ec\uff1a\u7528\u6236\u8cc7\u6599\u3001\u8ca1\u52d9\u8cc7\u6599\u3001\u54e1\u5de5\u8b77\u7167\u3001\u5408\u7d04\u7b49\u6a5f\u654f\u8cc7\u8a0a\u3002   <\/p>\n\n\n\n

\u7531\u65bc DarkSide \u63a1\u7528 RaaS \u52d2\u7d22\u75c5\u6bd2\u670d\u52d9 (Ransomware-as-a-service)<\/a> \u7684\u7d93\u71df\u6a21\u5f0f\uff0c\u6240\u4ee5\u9019\u4e09\u8d77\u653b\u64ca\u80cc\u5f8c\u5f88\u53ef\u80fd\u662f\u4e09\u500b\u4e0d\u540c\u7684\u99ed\u5ba2\u5718\u9ad4\u6240\u70ba\u3002\u5c31\u9023 DarkSide \u96c6\u5718\u81ea\u5df1\u4e5f \u627f\u8a8d\u4ed6\u5011\u53ea\u662f\u8cfc\u8cb7\u4e86\u9019\u4e9b\u516c\u53f8\u7684\u7db2\u8def\u5b58\u53d6\u6b0a\u9650<\/a> \uff0c\u4ed6\u5011\u4e0d\u66c9\u5f97\u9019\u4e9b\u5b58\u53d6\u6b0a\u9650\u7576\u521d\u662f\u5982\u4f55\u53d6\u5f97\u3002<\/p>\n\n\n\n\n\n\n\n

Trend Micro Research \u5728\u7db2\u8def\u4e0a\u8490\u96c6\u4e86\u6578\u5341\u500b DarkSide \u52d2\u7d22\u75c5\u6bd2\u6a23\u672c\uff0c\u4e26\u7814\u7a76\u4e86\u8a72\u52d2\u7d22\u75c5\u6bd2\u96c6\u5718\u7684\u904b\u4f5c\u65b9\u5f0f\u4ee5\u53ca\u5b83\u6240\u7784\u6e96\u7684\u76ee\u6a19\u3002 <\/p>\n\n\n\n

<\/div>\n\n\n\n

DarkSide \u52d2\u7d22\u75c5\u6bd2<\/strong><\/h3>\n\n\n\n

DarkSide \u6703\u5c07\u5176 RaaS \u63d0\u4f9b\u7d66\u5176\u4ed6\u72af\u7f6a\u96c6\u5718\u4f7f\u7528\uff0c\u5f9e\u5176\u5229\u6f64\u7576\u4e2d\u6536\u53d6\u4e00\u5b9a\u6bd4\u4f8b\u7684\u4f63\u91d1\u3002\u9019\u662f\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u7684\u4e00\u500b\u7d55\u4f73\u7bc4\u4f8b\uff0c\u63a1\u7528\u66f4\u9032\u968e\u7684\u5546\u696d\u6a21\u5f0f\u3002\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u5c08\u9580\u5c0b\u627e\u9ad8\u50f9\u503c\u76ee\u6a19\uff0c\u4e14\u7372\u5229\u65b9\u5f0f\u4e5f\u66f4\u591a\u6a23\u5316 (\u5982\u96d9\u91cd\u52d2\u7d22)\u3002\u6b64\u5916\uff0c\u73fe\u4ee3\u5316\u52d2\u7d22\u75c5\u6bd2\u653b\u64ca\u7d93\u5e38\u7531\u591a\u500b\u96c6\u5718\u806f\u5408\u57f7\u884c\u4e26\u5e73\u5206\u7372\u5229\u3002\u9019\u985e\u653b\u64ca\u6709\u6642\u5019\u770b\u8d77\u4f86\u66f4\u50cf\u662f\u9032\u968e\u6301\u7e8c\u6027\u6ef2\u900f\u653b\u64ca (APT)<\/a>  \u800c\u975e\u50b3\u7d71\u7684\u52d2\u7d22\u75c5\u6bd2\u4e8b\u4ef6\u3002  <\/p>\n\n\n\n

\u4ee5\u4e0b\u662f\u5f9e\u4e00\u4e9b\u516c\u958b\u5831\u5c0e\u7576\u4e2d\u62fc\u6e4a\u51fa\u4f86\u7684 DarkSide \u6d3b\u52d5\u6642\u9593\u8868\uff1a<\/p>\n\n\n\n