{"id":2092,"date":"2022-08-03T13:08:28","date_gmt":"2022-08-03T05:08:28","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2092"},"modified":"2023-02-13T10:41:00","modified_gmt":"2023-02-13T02:41:00","slug":"blackcat%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e5%85%a5%e4%be%b5%e4%ba%86%e6%ad%90%e6%b4%b2%e8%83%bd%e6%ba%90%e4%be%9b%e6%87%89%e5%95%86%ef%bc%8cencevo-group%e6%97%97%e4%b8%8b%e5%85%a9%e5%ae%b6%e5%ad%90","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2092",
"title":{"rendered":"BlackCat ransomware breaches a European energy supplier: two Encevo Group subsidiaries affected, data leaked, telephone lines and customer management systems unavailable"},
"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"310\" height=\"163\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-5.png\" alt=\"\" class=\"wp-image-2095\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-5.png 310w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-5-300x158.png 300w\" sizes=\"auto, (max-width: 310px) 100vw, 310px\" \/><\/figure>\n\n\n\n<p>According to reports from several foreign security media outlets, two companies headquartered in Luxembourg are working to cope with a ransomware attack that began last week, the latest in a series of incidents involving European energy companies. On 25 July, <a href=\"https:\/\/www.encevo.eu\/wp-content\/uploads\/2022\/07\/2022-Communique-de-presse-Cyberattaque.pdf\">Encevo Group said<\/a> that its two main subsidiaries, Creos (which manages the electricity and gas networks) and Enovos Luxembourg (which sells energy to a diversified portfolio of customers in Luxembourg and Germany), were the victims of a cyberattack on the evening of 22 July. Encevo Group noted that the attack disrupted the customer portals of both companies but did not affect the supply of electricity and natural gas. Encevo Group is owned by the Luxembourg government and several other companies, including China Southern Power Grid International. Encevo Group has energy supply operations in five European countries (Luxembourg, Germany, France, Belgium and the Netherlands), is Luxembourg's largest energy company, and supplies electricity to more than 285,000 customers and natural gas to 47,000 customers.<\/p>\n\n\n\n<p>In a <a href=\"https:\/\/www.creos-net.lu\/actualites\/actualites\/article\/le-groupe-encevo-victime-dune-cyberattaque.html\">statement<\/a> last week, Creos confirmed that its telephone lines and customer management systems were unavailable, without giving further details. Its parent company Encevo Group, however, wrote in a press release on <a href=\"https:\/\/www.encevo.eu\/wp-content\/uploads\/2022\/07\/2022-Communique-de-presse-DATA-BREACH.pdf\">28 July<\/a> that \u201ca certain amount of data was exfiltrated from the computer systems or became inaccessible as a result of the hacker attack.\u201d Encevo Group is currently unable to estimate the scope of the impact and asks customers to wait patiently for the investigation to conclude, after which affected customers will be notified individually. Encevo Group says it has set up a dedicated <a href=\"https:\/\/www.encevo.eu\/en\/encevo-cyberattack\/\">web page<\/a> for publishing updates, which will be refreshed as the situation at Creos and Enovos develops. Encevo assures customers that their supply will not be interrupted by the attack, but advises them to reset their login credentials as soon as possible.<\/p>\n\n\n\n<p>Emsisoft threat analyst <a href=\"https:\/\/twitter.com\/BrettCallow\/status\/1553157205863456770\">Brett Callow<\/a> now says the attacker is the BlackCat ransomware group, also known as Alphv. It is understood that BlackCat stole 150 GB of data, some 180,000 files; screenshots show that the data includes contracts, passports, invoices and emails. BlackCat claimed it would publish all of the data on Monday (1 August), but as of this writing no data has been released.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"404\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-4.png\" alt=\"\" class=\"wp-image-2094\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-4.png 865w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-4-300x140.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/08\/image-4-768x359.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><figcaption class=\"wp-element-caption\">BlackCat\/Alphv leak site<\/figcaption><\/figure>\n\n\n\n<p>On Friday (29 July) the EU Agency for Cybersecurity (ENISA) published <a href=\"https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-for-ransomware-attacks\">a report<\/a> analysing 623 security incidents that occurred in the EU between May 2021 and June 2022. The report found that during ransomware attacks, 10 TB of data is stolen and leaked every month, and that more than 60% of the organisations involved may have paid the ransom.<\/p>\n\n\n\n<p>The attack on Encevo Group entities is one of many recent attacks on European energy companies, which have risen sharply over the past year. German wind farm operator <a href=\"https:\/\/therecord.media\/german-wind-farm-operator-confirms-cybersecurity-incident-after-ransomware-group\/\">Deutsche Windtechnik<\/a> was crippled by a cyberattack in April, and German wind turbine manufacturer <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/wind-turbine-nordex-cyber-attack\/\">Nordex<\/a> was forced to shut down the IT systems of several of its sites and business units after a cyberattack on 31 March. The Nordex incident followed the cyberattack on satellite communications company <a href=\"https:\/\/therecord.media\/viasat-confirms-report-of-wiper-malware-used-in-ukraine-cyberattack\/\">Viasat<\/a>, which left 5,800 Enercon wind turbines in Germany unusable.<\/p>\n\n\n\n<p>In February, European prosecutors and cybersecurity officials began investigating ransomware attacks affecting several major oil port terminals; the targets were organisations in Belgium, the Netherlands and Germany, including some of the region's largest ports.<\/p>\n\n\n\n<p>Oiltanking and Mabanaft, oil companies belonging to the German logistics group Marquard &amp; Bahls, suffered a cyberattack in February that paralysed their loading and unloading systems. Oiltanking described it as a force majeure event, which forced Shell to reroute oil supplies to other depots. According to the German newspaper Handelsblatt, 233 petrol stations across Germany now have to run some processes manually as a result of the attack. An <a href=\"https:\/\/www.zdnet.com\/article\/blackcat-ransomware-implicated-in-attack-on-german-oil-companies\/\">internal report<\/a> by Germany's Federal Office for Information Security said the BlackCat ransomware group was behind the cyberattack on the oil companies.<\/p>\n\n\n\n<p>An <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/blackcat-ransomware-claims-attack-on-european-gas-pipeline\/\">alert<\/a> published by the US FBI in April said that, as of March, law enforcement had tracked at least 60 ransomware attacks launched by the BlackCat group. According to the alert, BlackCat is the first ransomware group to successfully compromise so many victims using Rust, a programming language that many consider more secure than other programming languages.<\/p>\n\n\n\n<p>Security firm Emsisoft says BlackCat is most likely a rebrand of the ransomware group known as BlackMatter, which was itself a rebrand of DarkSide, the group notorious for last year's attack on US fuel supplier <a href=\"https:\/\/blog.billows.com.tw\/?p=1075\">Colonial Pipeline<\/a>, which led US <a href=\"https:\/\/blog.billows.com.tw\/?p=1069\">President Biden<\/a> to declare a national state of emergency.<\/p>\n\n\n\n<p>Some of the indicators of compromise (IOCs) for BlackCat ransomware:<\/p>\n\n\n\n<p>Domain:<\/p>\n\n\n\n<p>sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd.onion<\/p>\n\n\n\n<p>id7seexjn4bojn5rvo4lwcjgufjz7gkisaidckaux3uvjc7l7xrsiqad.onion<\/p>\n\n\n\n<p>SHA 256:<\/p>\n\n\n\n<p>f8c08d00ff6e8c6adb1a93cd133b19302d0b651afd73ccb54e3b6ac6c60d99c6<\/p>\n\n\n\n<p>f815f5d6c85bcbc1ec071dd39532a20f5ce910989552d980d1d4346f57b75f89<\/p>\n\n\n\n<p>f837f1cd60e9941aa60f7be50a8f2aaaac380f560db8ee001408f35c1b7a97cb<\/p>\n\n\n\n<p>&#8220;When reposting, sharing or quoting this article, please credit Billows Technology (\u7ae3\u76df\u79d1\u6280) <a href=\"https:\/\/www.billows.com.tw\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.billows.com.tw<\/a> to avoid breaking the law.&#8221;<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>According to reports from several foreign security media outlets, two companies headquartered in Luxembourg are working to cope with a ransomware attack that began last week, the latest in a series <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=2092\">READ MORE<\/a><\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-2092","post","type-post","status-publish","format-standard","hentry","category-6"],"aioseo_notices":[],
"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2092"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2092\/revisions"}],"predecessor-version":[{"id":2416,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2092\/revisions\/2416"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}