{"id":1604,"date":"2022-01-12T15:08:55","date_gmt":"2022-01-12T07:08:55","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1604"},"modified":"2022-01-12T15:12:06","modified_gmt":"2022-01-12T07:12:06","slug":"%e5%be%ae%e8%bb%9f%e8%ad%a6%e5%91%8a%e4%b8%ad%e5%9c%8b%e9%a7%ad%e5%ae%a2%e6%ad%a3%e5%9c%a8%e5%88%a9%e7%94%a8-log4shell%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8avmware-horizon%e4%be%86%e9%83%a8%e7%bd%b2nigh","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1604","title":{"rendered":"\u5fae\u8edf\u8b66\u544a:\u4e2d\u570b\u99ed\u5ba2\u6b63\u5728\u5229\u7528 Log4Shell\u6f0f\u6d1e\u653b\u64caVMware Horizon\u4f86\u90e8\u7f72Night Sky\u52d2\u7d22\u8edf\u9ad4"},"content":{"rendered":"\n

\u5fae\u8edf\u767c\u5e03\u4e86\u4e00\u689d\u8b66\u544a<\/a>\uff0c\u7a31\u5176\u8ffd\u8e2a\u70ba DEV-0401<\/strong> \u7684\u4e2d\u570b\u99ed\u5ba2\u7d44\u7e54\u767c\u8d77\u4e86\u4e00\u9805\u65b0\u6d3b\u52d5\uff0c\u958b\u63a1Log4j\u8edf\u9ad4\u4e2d\u7684\u91cd\u5927\u6f0f\u6d1eCVE-2021-44228\u4f86\u90e8\u7f72Night Sky\u65b0\u578b\u52d2\u7d22\u8edf\u9ad4\u3002\u5fae\u8edf\u5206\u6790\u5e2b\u7684\u5831\u544a\u7a31<\/a>\uff0c\u9019\u7a2e\u65b0\u578b\u52d2\u7d22\u8edf\u9ad4\u5c08\u9580\u653b\u64ca\u9762\u5411\u4e92\u806f\u7db2\u7684\u865b\u64ec\u5316\u670d\u52d9\u5e73\u53f0VMware Horizon\u3002\u6839\u64da\u5831\u544a\uff0c\u8abf\u67e5\u7d50\u679c\u6307\u5411\u5c0d VMWare Horizon\u200b\u200b\u7684\u653b\u64ca\uff0cVMware Horizon\u662f\u4e00\u500b\u5141\u8a31\u9060\u7aef\u7528\u6236\u5b58\u53d6\u865b\u64ec\u96fb\u8166\u548c\u4f3a\u670d\u5668\u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u662f\u4e00\u6b3e\u591a\u96f2\u684c\u9762\u8207\u61c9\u7528\u7a0b\u5f0f\u865b\u64ec\u5316\u5e73\u53f0\uff0c\u5fae\u8edf\u7684\u5831\u544a\u6307\u51fa\uff0c\u65e9\u5728 1 \u6708 4 \u65e5\uff0c\u653b\u64ca\u8005\u5c31\u958b\u59cb\u5728\u904b\u4f5c VMware Horizon \u9762\u5411\u4e92\u806f\u7db2\u7684\u7cfb\u7d71\u4e2d\u5229\u7528 CVE-2021-44228 \u6f0f\u6d1e\uff0c\u4e26\u5728\u6210\u529f\u7684\u5165\u4fb5\u4e2d\u90e8\u7f72Night Sky \u52d2\u7d22\u8edf\u9ad4\u3002\u76ee\u524d\uff0c\u9664\u5fae\u8edf\u5728\u5176 Windows \u7cfb\u7d71\u4e2d\u4f7f\u7528 Horizo\u200b\u200bn\u5916\uff0cmacOS \u548c Linux\u7cfb\u7d71\u4e5f\u6709\u4f7f\u7528VMware Horizo\u200b\u200bn \u5e73\u53f0\u3002<\/p>\n\n\n\n

\"\"
Photo Credit: Microsoft<\/figcaption><\/figure>\n\n\n\n

\u64da\u4e86\u89e3\uff0c\u5728\u904e\u53bb\u7684\u653b\u64ca\u4e2d\uff0c DEV-0401<\/strong>\u99ed\u5ba2\u7d44\u7e54\u4e0d\u50c5\u66fe\u90e8\u7f72\u904e\u5176\u4ed6\u52d2\u7d22\u8edf\u9ad4\u5305\u62ec LockFile\u3001AtomSilo\u548cRook\uff0cDEV-0401<\/strong>\u4e5f\u66fe\u5229\u7528\u4e86\u9762\u5411 Internet \u7684\u7cfb\u7d71\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982 Confluence ( CVE-2021-26084 ) \u548cMicrosoft Exchange \u4f3a\u670d\u5668 (CVE-2021-34473 – ProxyShell )\uff0c\u64da\u4fe1\uff0cNight Sky\u662f\u4e0a\u8ff0\u52d2\u7d22\u8edf\u9ad4\u64cd\u4f5c\u7684\u5ef6\u7e8c\u3002<\/p>\n\n\n\n

\u53e6\u5916\uff0c\u6839\u64daMicrosoft\u7684\u8aaa\u6cd5\uff0c\u64cd\u4f5cNight Sky\u52d2\u7d22\u8edf\u9ad4\u7684\u4e2d\u570b\u99ed\u5ba2\uff0c\u4f7f\u7528C2\u4f3a\u670d\u5668\u4f86\u5192\u5145\u5408\u6cd5\u516c\u53f8\uff08\u5982\u7db2\u8def\u5b89\u5168\u516c\u53f8Trend Micro\uff0cSophos\uff09\u548cIT\u516c\u53f8\uff08\u5982Nvidia\u548cRogers Corporation\uff09\u4f7f\u7528\u7684\u7db2\u57df\u3002<\/p>\n\n\n\n

\n

Successful intrusions by DEV-0401 in this campaign have led to the deployment of the NightSky ransomware. DEV-0401 has previously deployed multiple ransomware families including LockFile, AtomSilo, and Rook, and has similarly exploited vulnerabilities in internet-facing systems.<\/p>— Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022<\/a><\/blockquote>