en
ua
ru
de
pt
es
pl
fr
tr
fi
da
no
sv
en
EGW-NewsOthersTüm haberler.Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
1795
0
0

Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine

Bu makale aşağıdaki dillerde mevcuttur

The Ukrainian government has reported that Russian hackers used the WinRAR file compression utility to delete data from computers at several government agencies. According to the Ukrainian Computer Emergency Response Team (CERT-UA), the Sandworm group may have gained access to compromised VPN accounts that provided access to Ukraine's official government networks.

The hackers apparently used a script called RoarBAT to search for files on the target machine with extensions including.doc,.docx,.rtf,.txt,.xls,.xlsx,.ppt,.pptx,.jpeg,.jpg,.zip,.rar,.7z, and several others, and then used WinRAR to archive the files and the "-df" option, which automatically deletes the source files after archiving. The RoarBAT script then deleted the archived files, resulting in a complete loss of data.

Chicken.gg

Ücretsiz mücevherler, artı günlük, haftalık ve aylık destekler!

Chicken.gg
CS:GO
Claim bonus
Farmskins

Şimdi kaydolun ve 1 ÜCRETSİZ VAKA kazanın

Farmskins
CS:GO
Claim bonus
CSFAIL

EKSTRA %10 PARA YATIRMA BONUSU + ÜCRETSIZ 2 ÇARK DÖNDÜRME

CSFAIL
CS:GO
Claim bonus

The WinRAR utility, which is widely used on most modern computers, can be a reason for their compromise. It seems that Linux systems are not immune to such attacks, and the BASH script and the standard dd tool can be used to compromise them, despite the initial impression of security.

The Ukrainian Center for Information Security CERT-UA claims that the recent hack resembles the attack on the state information agency "Ukrinform" earlier this year, which was linked to the Sandworm group.

"The methods of implementing the malicious plan, the IP addresses of the attackers, and the use of a modified version of RoarBat indicate similarity to the cyber attack on Ukrinform," noted CERT-UA.

The center also strongly recommends that all Ukrainian state operators improve the security of their VPNs with multi-factor authentication. This should probably be a lesson for all of us.

Canlı bir yorum
Makaleyi beğiniz mi?
0
0

Yorum

ZIRVEYE
FREE SUBSCRIPTION ON EXCLUSIVE CONTENT
Receive a selection of the most important and up-to-date news in the industry.
*
*Only important news, no spam.
SUBSCRIBE
LATER
İçeriği ve reklamları kişiselleştirmek, sosyal medya özellikleri sunmak ve trafiği analiz etmek için çerezler kullanıyoruz.
Kişiselleştir
OK