SolarWinds attackers managed to gain access to Microsoft source code

Microsoft has released additional details about the attack that compromised SolarWinds' infrastructure and planted a backdoor in the SolarWinds Orion network infrastructure management platform, which was used on Microsoft's corporate network.

Analysis of the incident showed that the attackers gained access to some Microsoft corporate accounts, and the audit revealed that these accounts were used to access internal repositories containing Microsoft product source code.

The permissions of the compromised accounts reportedly allowed only viewing the code and did not provide the ability to make changes.

Microsoft has assured users that additional verification confirmed that no changes were made to the repositories.

In addition, no traces were found of attacker access to Microsoft customer data, of attempts to compromise the services Microsoft provides, or of Microsoft infrastructure being used to carry out attacks on other companies.

The attack on SolarWinds led to the introduction of a backdoor not only on Microsoft's network, but also at other companies and government agencies that use the SolarWinds Orion product.

The backdoored SolarWinds Orion update was installed in the infrastructure of more than 17,000 SolarWinds customers, including 425 of the Fortune 500 companies, as well as major financial institutions and banks, hundreds of universities, many branches of the US and UK military, the White House, the NSA, the US government and the European Parliament.

SolarWinds customers also include major companies such as Cisco, AT&T, Ericsson, NEC, Lucent, MasterCard, Visa USA, Level 3 and Siemens.

The backdoor allowed remote access to the internal network of SolarWinds Orion users. The malicious change shipped with SolarWinds Orion versions 2019.4 - 2020.2.1, released from March to June 2020.

During analysis of the incident, a disregard for security on the part of large corporate system vendors came to light. It is assumed that access to the SolarWinds infrastructure was obtained through a Microsoft Office 365 account.

The attackers gained access to the SAML certificate used to generate digital signatures and used this certificate to create new tokens that allowed access to the internal network.

Before this, in November 2019, outside security researchers had noted the use of the trivial password "SolarWind123" for write access to the FTP server hosting SolarWinds product updates, as well as the leak of a SolarWinds employee's password in a public git repository.

Furthermore, after the backdoor was identified, SolarWinds continued to distribute updates containing the malicious changes for some time and did not immediately revoke the certificate used to digitally sign its products (the issue surfaced on December 13 and the certificate was revoked on December 21).

In response to complaints about alerts raised by malware detection systems, customers were encouraged to disable verification in order to get rid of false-positive warnings.

Before that, SolarWinds representatives had criticized the open source development model, comparing the use of open source to eating with a dirty fork and claiming that an open development model does not rule out planted backdoors and that only a proprietary model can provide control over the code.

In addition, the US Department of Justice disclosed that the attackers gained access to the Department's mail server, which is based on the Microsoft Office 365 platform. The attack is believed to have exposed the contents of the mailboxes of some 3,000 department employees.

For their part, The New York Times and Reuters, without detailing the source, reported an FBI investigation into a link between JetBrains and the SolarWinds compromise. SolarWinds used the TeamCity continuous integration system supplied by JetBrains.

It is assumed that the attackers could have gained access because of incorrect settings or the use of an outdated version of TeamCity containing unpatched vulnerabilities.

The director of JetBrains dismissed the speculation about the company's connection to the attack and stated that neither law enforcement agencies nor SolarWinds representatives had contacted them about a possible compromise of the SolarWinds infrastructure through TeamCity.

Source: https://msrc-blog.microsoft.com

