{"id":1022,"date":"2021-04-16T13:13:40","date_gmt":"2021-04-16T05:13:40","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1022"},"modified":"2021-04-16T13:32:04","modified_gmt":"2021-04-16T05:32:04","slug":"%e7%be%8e%e5%9c%8b%e6%ad%a3%e5%bc%8f%e5%b0%87solarwinds%e4%ba%8b%e4%bb%b6%e6%ad%b8%e5%92%8e%e4%bf%84%e7%be%85%e6%96%af%e5%b0%8d%e5%a4%96%e6%83%85%e5%a0%b1%e5%b1%80%ef%bc%8c%e9%a9%85%e9%80%9010","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1022","title":{"rendered":"\u7f8e\u570b\u6b63\u5f0f\u5c07SolarWinds\u4e8b\u4ef6\u6b78\u548e\u4fc4\u7f85\u65af\u5c0d\u5916\u60c5\u5831\u5c40\uff0c\u9a45\u901010\u540d\u5916\u4ea4\u5b98\uff0c\u5236\u88c1\u516d\u5bb6\u4fc4\u7f85\u65af\u79d1\u6280\u516c\u53f8\uff0c\u77e5\u540d\u8cc7\u5b89\u516c\u53f8Positive Technologies\u4e5f\u4e0a\u699c"},"content":{"rendered":"\n<p>4\u670815\u65e5-\u5728<a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2021\/04\/15\/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government\/\">\u767d\u5bae\u9031\u56db\u4e00\u4efd\u8072\u660e<\/a>\u4e2d\u7a31\uff0c\u4fc4\u7f85\u65af\u5c0d\u5916\u60c5\u5831\u5c40(Sluzhba Vneshney Razvedki\uff0cSVR)\u8981\u70baSolarWinds\u4e8b\u4ef6\u8ca0\u8cac\u3002\u8a72\u4e8b\u4ef6\u5c0e\u81f4\u4e5d\u5bb6\u806f\u90a6\u6a5f\u69cb\u548c\u6578\u767e\u5bb6\u79c1\u71df\u4f01\u696d\u6578\u64da\u5916\u6d29\u3002\u767d\u5bae\u7684\u65b0\u805e\u7a3f\u8b49\u5be6\u4e86\u904e\u53bb\u7684\u5a92\u9ad4\u5831\u5c0e\uff0c\u4fc4\u7f85\u65af\u5c0d\u5916\u60c5\u5831\u5c40SVR\u662fSolarWinds\u4e8b\u4ef6\u7684\u5e55\u5f8c\u9ed1\u624b\uff0c\u6b63\u5f0f\u6307\u8cacSVR\u901a\u904e\u5176\u90e8\u9580\u7684\u7279\u5de5\u99ed\u5ba2(\u901a\u5e38\u7a31\u70baAPT29\uff0cThe Dukes\u6216Cozy Bear) 
\u958b\u5c55\u5ee3\u6cdb\u7684\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p>\u901a\u904e\u7834\u58deSolarWinds\u4f9b\u61c9\u93c8\uff0cSVR\u5b58\u53d6\u5168\u7403\u8d85\u904e16,000\u53f0\u96fb\u8166\uff0c\u80fd\u76e3\u8996\u6216\u6f5b\u5728\u7834\u58de\u90a3\u4e9b\u96fb\u8166\uff0c\u591a\u500b\u7f8e\u570b\u653f\u5e9c\u6a5f\u69cb\u662f\u9019\u5834\u5ee3\u6cdb\u7684\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u7684\u53d7\u5bb3\u8005\uff0c\u570b\u52d9\u9662\uff0c\u53f8\u6cd5\u90e8\uff0c\u80fd\u6e90\u90e8\uff0c\u7db2\u8def\u5b89\u5168\u548c\u57fa\u790e\u8a2d\u65bd\u5c40\u4ee5\u53ca\u8ca1\u653f\u90e8\u662f\u62ab\u9732\u88ab\u5165\u4fb5\u7684\u6700\u5927\u6a5f\u69cb\u3002\u8cc7\u5b89\u516c\u53f8\u5982FireEye\uff0cMalwarebytes\uff0cMicrosoft\uff0cMimecast\u7b49\u4e5f\u662f\u91dd\u5c0d\u7279\u5b9a\u76ee\u6a19\u3002\u767d\u5bae\u7684\u6458\u8981\u6307\u51fa\uff1a\u201c\u7f8e\u570b\u60c5\u5831\u754c\u5c0dSVR\u7684\u6b78\u56e0\u8a55\u4f30\u5145\u6eff\u9ad8\u5ea6\u4fe1\u5fc3\u3002\u201d \u6839\u64da\u7f8e\u570b\u653f\u5e9c\u7684\u8aaa\u6cd5\uff0c\u9019\u7a2e\u5165\u4fb5\u7684\u7bc4\u570d\u6d89\u53ca\u570b\u5bb6\u5b89\u5168\u548c\u516c\u5171\u5b89\u5168\u3002\u800c\u4e14\u7d66\u5927\u591a\u6578\u79c1\u71df\u6a5f\u69cb\u7684\u53d7\u5bb3\u8005\u5e36\u4f86\u4e86\u4e0d\u9069\u7576\u7684\u8ca0\u64d4\uff0c\u4fc4\u7f85\u65af\u9808\u627f\u64d4\u9019\u4e00\u4e8b\u4ef6\u7684\u7570\u5e38\u9ad8\u6602\u7684\u4ee3\u50f9\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"554\" height=\"554\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-9.png\" alt=\"\" class=\"wp-image-1023\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-9.png 554w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-9-300x300.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-9-150x150.png 150w\" sizes=\"auto, (max-width: 554px) 100vw, 554px\" 
\/><\/figure>\n\n\n\n<p>\u76ee\u524d\u8a31\u591a\u653f\u5e9c\u5df2\u7d93\u51fa\u4f86\u652f\u6301\u7f8e\u570b\u5c0dSolarWinds\u7684\u6b78\u56e0\u8a55\u4f30\u3002\u82f1\u570b\u4e5f\u540c\u6642\u767c\u5e03\u4e86\u6b78\u56e0\u8a55\u4f30\u3002\u76ee\u524d\uff0c14\u500b\u570b\u5bb6\u653f\u5e9c\u5728\u5176\u5b98\u65b9\u7db2\u7ad9\u4e0a\u767c\u5e03\u4e86\u652f\u6301\u6027\u63a8\u6587\uff0c\u53e6\u67097\u500b\u767c\u5e03\u4e86\u652f\u6301\u6027\u66f8\u9762\u8072\u660e\u548c\u63a8\u6587\u3002<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">Quite a lot of governments have come out in support of the US attribution assessment on Solarwinds. As of this writing, 14+7 published a supporting tweet and 7 released written statements on their official websites. Guess the NATO+EU angle works very well to rally public support. 
<a href=\"https:\/\/t.co\/1Z0D6JXtRV\">pic.twitter.com\/1Z0D6JXtRV<\/a><\/p>&mdash; Stefan Soesanto (@iiyonite) <a href=\"https:\/\/twitter.com\/iiyonite\/status\/1382768910601220096?ref_src=twsrc%5Etfw\">April 15, 2021<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>\u6b64\u5916\uff0c\u570b\u5bb6\u5b89\u5168\u5c40\uff08NSA\uff09\uff0c\u7db2\u8def\u5b89\u5168\u548c\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u548c\u806f\u90a6\u8abf\u67e5\u5c40\uff08FBI\uff09\u5171\u540c\u767c\u5e03\u4e86<a href=\"https:\/\/www.nsa.gov\/News-Features\/Feature-Stories\/Article-View\/Article\/2573391\/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili\/\">\u4e00\u4efd\u8aee\u8a62\u5831\u544a<\/a>\uff0c\u8b66\u544a\u4f01\u696dSVR\u6b63\u7a4d\u6975\u5229\u7528\u4e94\u500b\u5df2\u77e5\u7684\u6f0f\u6d1e\uff0c\u4ee5\u5728\u53d7\u5bb3\u8a2d\u5099\u548c\u7db2\u8def\u4e2d\u53d6\u5f97\u521d\u6b65\u7acb\u8db3\u9ede:<\/p>\n\n\n\n<p>CVE-2018-13379 &#8211; Fortinet FortiGate VPN<\/p>\n\n\n\n<p>CVE-2019-9670 &#8211; Synacor Zimbra Collaboration Suite<\/p>\n\n\n\n<p>CVE-2019-11510 &#8211; Pulse Secure Pulse Connect Secure VPN<\/p>\n\n\n\n<p>CVE-2019-19781 &#8211; Citrix Application Delivery Controller and Gateway<\/p>\n\n\n\n<p>CVE-2020-4006 &#8211; VMware Workspace ONE Access<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"554\" height=\"421\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-10.png\" alt=\"\" class=\"wp-image-1024\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-10.png 554w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/04\/image-10-300x228.png 300w\" sizes=\"auto, (max-width: 554px) 100vw, 554px\" 
\/><\/figure>\n\n\n\n<p>\u4f01\u696d\u61c9\u6ce8\u610f\u8a72\u8b66\u544a\uff0c\u4e26\u63a1\u53d6\u5fc5\u8981\u7684\u6b65\u9a5f\u4f86\u8b58\u5225\u548c\u9632\u79a6SVR\u9032\u884c\u7684\u60e1\u610f\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p>\u6839\u64da\u62dc\u767b\u7e3d\u7d71\u4eca\u5929\u767c\u5e03\u7684\u884c\u653f\u547d\u4ee4\uff0c<a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy0127\">\u7f8e\u570b\u8ca1\u653f\u90e8<\/a>\u5c0d\u4ee5\u4e0b\u4fc4\u7f85\u65af\u79d1\u6280\u516c\u53f8\u5df2\u5be6\u65bd\u5236\u88c1\uff0c\u516d\u5bb6\u79d1\u6280\u516c\u53f8\u88ab\u6307\u63a7\u5e6b\u52a9SVR\uff0c\u4fc4\u7f85\u65af\u806f\u90a6\u5b89\u5168\u5c40\uff08FSB\uff09\u548c\u4fc4\u7f85\u65af\u4e3b\u8981\u60c5\u5831\u5c40\uff08GRU\uff09\u5c0d\u7f8e\u570b\u9032\u884c\u60e1\u610f\u7db2\u8def\u6d3b\u52d5\u3002<\/p>\n\n\n\n<p>\u88ab\u5236\u88c1\u7684\u516d\u5bb6\u79d1\u6280\u516c\u53f8\u6216\u6a5f\u69cb\u5305\u62ec:<\/p>\n\n\n\n<p><strong>ERA Technopolis<\/strong>&nbsp; \u2013\u7531\u4fc4\u7f85\u65af\u570b\u9632\u90e8\u8cc7\u52a9\u548c\u904b\u71df\u7684\u7814\u7a76\u4e2d\u5fc3\u548c\u6280\u8853\u5712\u5340\u3002ERA Technopolis\u64c1\u6709\u4e26\u652f\u6301\u4fc4\u7f85\u65af\u4e3b\u8981\u60c5\u5831\u5c40\uff08GRU\uff09\uff0c\u8ca0\u8cac\u9032\u653b\u6027\u7db2\u8def\u548c\u8cc7\u8a0a\u4f5c\u6230\uff0c\u4e26\u5229\u7528\u4fc4\u7f85\u65af\u6280\u8853\u90e8\u9580\u7684\u4eba\u54e1\u548c\u5c08\u696d\u77e5\u8b58\u4f86\u958b\u767c\u8ecd\u4e8b\u548c\u96d9\u91cd\u7528\u9014\u6280\u8853\u3002<\/p>\n\n\n\n<p><strong>Pasit<\/strong>&nbsp; \u2013\u4f4d\u65bc\u4fc4\u7f85\u65af\u7684IT\u516c\u53f8\uff0c\u9032\u884c\u7814\u7a76\u548c\u958b\u767c\u4ee5\u652f\u6301\u4fc4\u7f85\u65af\u5c0d\u5916\u60c5\u5831\u5c40\u670d\u52d9\uff08SVR\uff09\u7684\u60e1\u610f\u7db2\u8def\u64cd\u4f5c\u3002<\/p>\n\n\n\n<p><strong>SVA<\/strong>&nbsp; 
\u2013\u4fc4\u7f85\u65af\u570b\u6709\u7814\u7a76\u6a5f\u69cb\uff0c\u5c08\u9580\u7814\u7a76\u4f4d\u65bc\u4fc4\u7f85\u65af\u7684\u5148\u9032\u8cc7\u8a0a\u5b89\u5168\u7cfb\u7d71\uff0c\u9032\u884c\u7814\u7a76\u548c\u958b\u767c\uff0c\u4ee5\u652f\u6301SVR\u7684\u60e1\u610f\u7db2\u8def\u64cd\u4f5c\u3002<\/p>\n\n\n\n<p><strong>Neobit <\/strong>&nbsp;\u2013\u4f4d\u65bc\u4fc4\u7f85\u65af\u8056\u5f7c\u5f97\u5821\u7684IT\u5b89\u5168\u516c\u53f8\uff0c\u5176\u5ba2\u6236\u5305\u62ec\u4fc4\u7f85\u65af\u570b\u9632\u90e8\uff0cSVR\u548c\u4fc4\u7f85\u65af\u806f\u90a6\u5b89\u5168\u5c40\uff08FSB\uff09\u3002Neobit\u9032\u884c\u7814\u7a76\u548c\u958b\u767c\uff0c\u4ee5\u652f\u6301\u7531FSB\uff0cGRU\u548cSVR\u9032\u884c\u7684\u7db2\u8def\u904b\u71df\u3002Neobit\u9084\u56e0\u5411GRU\u63d0\u4f9b\u7269\u8cea\u652f\u63f4\uff0c\u800c\u6839\u64da\u8207\u7db2\u8def\u76f8\u95dc\u7684EO 13694\uff08\u7d93EO 13757\u4fee\u8a02\uff09\uff0c\u8207WMD\u76f8\u95dc\u7684EO 13382\u548c\u300a\u901a\u904e\u5236\u88c1\u6253\u64ca\u7f8e\u570b\u5c0d\u624b\u6cd5\u300b\uff08CAATSA\uff09\u88ab\u6307\u5b9a\u70ba\u5236\u88c1\u5c0d\u8c61\u3002<\/p>\n\n\n\n<p><strong>AST<\/strong>&nbsp; \u2013\u4fc4\u7f85\u65afIT\u5b89\u5168\u516c\u53f8\uff0c\u5176\u5ba2\u6236\u5305\u62ec\u4fc4\u7f85\u65af\u570b\u9632\u90e8\uff0cSVR\u548cFSB\u3002AST\u70baFSB\uff0cGRU\u548cSVR\u9032\u884c\u7684\u7db2\u8def\u904b\u71df\u63d0\u4f9b\u4e86\u6280\u8853\u652f\u6301\u3002AST\u9084\u56e0\u5411FSB\u63d0\u4f9b\u652f\u63f4\uff0c\u800c\u6839\u64daEO 13694\uff0cEO 13382\u548cCAATSA\u88ab\u6307\u5b9a\u70ba\u5236\u88c1\u5c0d\u8c61\u3002<\/p>\n\n\n\n<p><strong>Positive Technologies<\/strong>&nbsp; \u2013\u4e00\u5bb6\u4fc4\u7f85\u65af\u8cc7\u5b89\u516c\u53f8\uff0c\u70ba\u5305\u62ecFSB\u5728\u5167\u7684\u4fc4\u7f85\u65af\u653f\u5e9c\u5ba2\u6236\u63d0\u4f9b\u652f\u63f4\u3002Positive 
Technologies\u70ba\u4fc4\u7f85\u65af\u4f01\u696d\uff0c\u5916\u570b\u653f\u5e9c\u548c\u570b\u969b\u516c\u53f8\u63d0\u4f9b\u96fb\u8166\u7db2\u8def\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\uff0c\u4e26\u8209\u8fa6\u5927\u578b\u6703\u8b70\uff0c\u9019\u4e9b\u6703\u8b70\u88ab\u7528\u4f5cFSB\u548cGRU\u7684\u62db\u52df\u6d3b\u52d5\u3002Positive Technologies\u9084\u56e0\u5411FSB\u63d0\u4f9b\u652f\u63f4\uff0c\u800c\u6839\u64daEO 13694\uff0cEO 13382\u548cCAATSA\u88ab\u6307\u5b9a\u70ba\u5236\u88c1\u5c0d\u8c61\u3002<\/p>\n\n\n\n<p>\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u7f8e\u570b\u8ca1\u653f\u90e8\u7684\u5236\u88c1\u540d\u55ae\u9084\u5305\u62ec\u4fc4\u7f85\u65af\u8cc7\u5b89\u516c\u53f8Positive Technologies\uff0c\u8a72\u516c\u53f8\u4ee5\u5176\u5728\u7db2\u8def\u5b89\u5168\u6f0f\u6d1e\u7814\u7a76\u65b9\u9762\u7684\u5de5\u4f5c\u800c\u805e\u540d\u5168\u7403\u3002<\/p>\n\n\n\n<p>\u7f8e\u570b\u516c\u53f8\u548c\u91d1\u878d\u6a5f\u69cb\u4e0d\u518d\u80fd\u5920\u8207\u4e0a\u8ff0\u7684\u516c\u53f8\u6216\u6a5f\u69cb\u958b\u5c55\u696d\u52d9\uff0c\u9664\u975e\u7372\u5f97\u7f8e\u570b\u7684\u5916\u570b\u8cc7\u7522\u7ba1\u5236\u8655\uff08Office of Foreign Assets Control\uff0cOFAC\uff09\u7533\u8acb\u7684\u8a31\u53ef\u3002<\/p>\n\n\n\n<p>SolarWinds\u4f9b\u61c9\u93c8\u653b\u64ca\u7684\u6709\u95dc\u60c5\u8cc7:<\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/60413cd1bb43dcf1d22c274b\">https:\/\/otx.alienvault.com\/pulse\/60413cd1bb43dcf1d22c274b<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5fd6df943558e0b56eaf3da8\">https:\/\/otx.alienvault.com\/pulse\/5fd6df943558e0b56eaf3da8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5fe0d2b1258adac64a4f9adc\">https:\/\/otx.alienvault.com\/pulse\/5fe0d2b1258adac64a4f9adc<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5fd825b7fa4eb2223a0cf812\">https:\/\/otx.alienvault.com\/pulse\/5fd825b7fa4eb2223a0cf812<\/a><\/p>\n\n\n\n<p><a 
href=\"https:\/\/otx.alienvault.com\/pulse\/5ffc7929fdeee95e277473b7\">https:\/\/otx.alienvault.com\/pulse\/5ffc7929fdeee95e277473b7<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5ffccc003adfeeafe1d401a8\">https:\/\/otx.alienvault.com\/pulse\/5ffccc003adfeeafe1d401a8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/5fdce61ef056eff2ce0a90de\">https:\/\/otx.alienvault.com\/pulse\/5fdce61ef056eff2ce0a90de<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>4\u670815\u65e5-\u5728\u767d\u5bae\u9031\u56db\u4e00\u4efd\u8072\u660e\u4e2d\u7a31\uff0c\u4fc4\u7f85\u65af\u5c0d\u5916\u60c5\u5831\u5c40(Sluzhba Vneshney Razvedki\uff0cSV <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=1022\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[152,168,112],"class_list":["post-1022","post","type-post","status-publish","format-standard","hentry","category-6","tag-solarwinds","tag-168","tag-112"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1022"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1022\/revisions"}],"predecessor-version":[{"id":1027,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1022\/revisions\/1027"}],"wp:attachment":[{"href":"https:\/\/blog
.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}