{"id":2713,"date":"2023-06-28T15:01:18","date_gmt":"2023-06-28T07:01:18","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=2713"},"modified":"2023-06-28T15:01:18","modified_gmt":"2023-06-28T07:01:18","slug":"%e5%85%a8%e7%90%83%e6%9c%89%e8%b6%85%e9%81%8e100%e7%b5%84%e7%b9%94%e5%9b%a0moveit%e6%bc%8f%e6%b4%9e%e5%8f%97%e5%88%b0%e5%bd%b1%e9%9f%bf%ef%bc%8c%e8%ad%89%e5%af%a6%e6%96%b0%e5%a2%9e%e5%8f%97%e5%ae%b3","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=2713","title":{"rendered":"\u5168\u7403\u6709\u8d85\u904e100\u7d44\u7e54\u56e0MOVEit\u6f0f\u6d1e\u53d7\u5230\u5f71\u97ff\uff0c\u8b49\u5be6\u65b0\u589e\u53d7\u5bb3\u8005\u5305\u62ec\u897f\u9580\u5b50\u80fd\u6e90\u3001\u65bd\u8010\u5fb7\u96fb\u6a5f\u3001UCLA\u3001\u7d10\u7d04\u5e02\u6559\u80b2\u5c40\u7b49"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"584\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-10.png\" alt=\"\" class=\"wp-image-2714\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-10.png 866w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-10-300x202.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-10-768x518.png 768w\" sizes=\"auto, (max-width: 866px) 100vw, 866px\" \/><\/figure>\n\n\n\n<p>\u6700\u8fd1\u53d7\u5230MFT\u6a94\u6848\u5171\u4eab\u5de5\u5177MOVEit Transfer\u96f6\u6642\u5dee\u6f0f\u6d1e<a>CVE-2023-34362<\/a>\u7684\u5f71\u97ff\uff0c\u5c0e\u81f4\u7cfb\u7d71\u906d\u5230\u5165\u4fb5\u7684\u7d44\u7e54\u8d85\u904e100\u500b\u55ae\u4f4d\uff0c\u6628\u5929\u5e7e\u4f4d\u65b0\u7684\u53d7\u5bb3\u8005\u7ad9\u51fa\u4f86\u8b49\u5be6\u4e86\u906d\u5230\u5165\u4fb5\uff0c\u5305\u62ec\u52a0\u5dde\u5927\u5b78\u6d1b\u6749\u78ef\u5206\u6821 (UCLA)\u3001\u897f\u9580\u5b50\u80fd\u6e90(Siemens Energy)\u3001\u65bd\u8010\u5fb7\u96fb\u6a5f(Schneider 
Electric)\u3001\u7d10\u7d04\u5e02\u6559\u80b2\u5c40\u7b49\u3002UCLA\u8b49\u5be6\u8a72\u6821\u4f7f\u7528\u7684 MOVEit Transfer \u5de5\u5177\u662f\u6b64\u6b21\u653b\u64ca\u7684\u6838\u5fc3\uff0c\u4e26\u8868\u793a\u5176 IT\u5b89\u5168\u5718\u968a\u65bc 6 \u6708 1 \u65e5\u767c\u73fe\u8a72\u5de5\u5177\u6210\u70ba\u653b\u64ca\u76ee\u6a19\u3002\u6839\u64da<a href=\"https:\/\/www.scmagazine.com\/news\/business-continuity\/siemens-ucla-victims-moveit\">SC Media UCLA<\/a>\u7684\u5831\u5c0e\uff0c UCLA\u7684\u767c\u8a00\u4eba\u8868\u793a\uff0c\u52a0\u5dde\u5927\u5b78\u6d1b\u6749\u78ef\u5206\u6821\u7acb\u5373\u555f\u52d5\u4e86\u4e8b\u4ef6\u56de\u61c9\u7a0b\u5e8f\uff0c\u4f7f\u7528\u4e86<a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023\">Progress Software<\/a>\u767c\u5e03\u7684\u5b89\u5168\u4fee\u88dc\u4fee\u5fa9\u4e86\u8a72\u6f0f\u6d1e\uff0c\u52a0\u5f37\u4e86\u5c0d\u7cfb\u7d71\u7684\u76e3\u63a7\u4e26\u901a\u77e5\u4e86\u806f\u90a6\u8abf\u67e5\u5c40(FBI)\uff0c\u4e26\u8207\u5916\u90e8\u8cc7\u5b89\u5c08\u5bb6\u5408\u4f5c\u8abf\u67e5\u6b64\u4e8b\uff0c\u78ba\u8a8d\u4e86\u4e8b\u4ef6\u7684\u767c\u751f\u3001\u54ea\u4e9b\u6578\u64da\u53d7\u5230\u4e86\u5f71\u97ff\u4ee5\u53ca\u88ab\u76dc\u6578\u64da\u5c6c\u65bc\u8ab0\uff0c\u4e26\u9032\u4e00\u6b65\u901a\u77e5\u6240\u6709\u53d7\u5230\u5f71\u97ff\u7684\u4eba\u3002UCLA\u8868\u793a\u9019\u4e0d\u662f\u52d2\u7d22\u4e8b\u4ef6\uff0c\u4e5f\u6c92\u6709\u8b49\u64da\u8868\u660e\u5c0d\u4efb\u4f55\u5176\u4ed6\u6821\u5712\u7cfb\u7d71\u6709\u4efb\u4f55\u5f71\u97ff\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"595\" height=\"415\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-11.png\" alt=\"\" class=\"wp-image-2715\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-11.png 595w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-11-300x209.png 300w\" sizes=\"auto, 
(max-width: 595px) 100vw, 595px\" \/><figcaption class=\"wp-element-caption\">Cl0p\u516c\u958bUCLA\u6210\u70ba\u5176\u53d7\u5bb3\u8005<\/figcaption><\/figure>\n\n\n\n<p>\u6839\u64daSecurity Affairs\u7684<a href=\"https:\/\/securityaffairs.com\/147865\/data-breach\/schneider-electric-siemens-energy-moveit.html\">\u5831\u5c0e<\/a>\uff0c\u5de5\u696d\u5de8\u982d\u65bd\u8010\u5fb7\u96fb\u6a5f\u548c\u897f\u9580\u5b50\u80fd\u6e90\u4e5f\u6210\u70ba\u53d7\u5bb3\u8005\uff0c\u5169\u8005\u90fd\u63d0\u4f9b\u7528\u65bc\u5168\u7403\u95dc\u9375\u570b\u5bb6\u57fa\u790e\u8a2d\u65bd\u7684\u5de5\u696d\u63a7\u5236\u7cfb\u7d71 (ICS)\u3002\u897f\u9580\u5b50\u80fd\u6e90\u78ba\u8a8d\u5176\u5df2\u6210\u70ba\u653b\u64ca\u76ee\u6a19\uff1b\u4e0d\u904e\u8868\u793a\u6c92\u6709\u95dc\u9375\u6578\u64da\u88ab\u76dc\uff0c\u696d\u52d9\u71df\u904b\u4e5f\u6c92\u6709\u53d7\u5230\u5f71\u97ff\u3002\u897f\u9580\u5b50\u80fd\u6e90\u8868\u793a\uff0c\u6839\u64da\u76ee\u524d\u7684\u5206\u6790\uff0c\u6c92\u6709\u95dc\u9375\u6578\u64da\u53d7\u5230\u640d\u5bb3\uff0c\u71df\u904b\u4e5f\u6c92\u6709\u53d7\u5230\u5f71\u97ff\uff0c\u5728\u5f97\u77e5\u9019\u4e00\u4e8b\u4ef6\u5f8c\u7acb\u5373\u63a1\u53d6\u4e86\u884c\u52d5; \u800c\u65bd\u8010\u5fb7\u5247\u8868\u793a\u6b63\u5728\u8abf\u67e5\u8a72Cl0p\u7684\u8aaa\u6cd5\uff0c\u4f46\u4e26\u672a\u78ba\u8a8d\u906d\u5230\u5165\u4fb5\uff0c\u50c5\u8868\u793a\u4ed6\u5011\u6b63\u5728\u8abf\u67e5\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"673\" height=\"530\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-13.png\" alt=\"\" class=\"wp-image-2717\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-13.png 673w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-13-300x236.png 300w\" sizes=\"auto, (max-width: 673px) 100vw, 673px\" \/><figcaption 
class=\"wp-element-caption\">Cl0p\u516c\u958b\u65bd\u8010\u5fb7\u6210\u70ba\u5176\u53d7\u5bb3\u8005\u7684\u9801\u9762<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"538\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-15.png\" alt=\"\" class=\"wp-image-2719\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-15.png 683w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2023\/06\/image-15-300x236.png 300w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><\/figure>\n\n\n\n<p>Cl0p\u516c\u958b\u897f\u9580\u5b50\u80fd\u6e90\u6210\u70ba\u5176\u53d7\u5bb3\u8005<\/p>\n\n\n\n<p>\u53e6\u5916\uff0c6\u670824\u65e5(\u9031\u516d)\uff0c\u7d10\u7d04\u5e02\u6559\u80b2\u5c40<a href=\"https:\/\/www.schools.nyc.gov\/alerts\/alert-regarding-data-incident\">\u5831\u544a<\/a>\u7a31\uff0c\u99ed\u5ba2\u7aca\u53d6\u4e86\u7d04 45,000 \u540d\u5b78\u751f\u4ee5\u53ca\u5de5\u4f5c\u4eba\u54e1\u548c\u670d\u52d9\u63d0\u4f9b\u5546\u7684\u500b\u4eba\u8cc7\u8a0a\u3002\u5118\u7ba1\u8a72\u5e02\u7684\u8abf\u67e5\u4ecd\u5728\u9032\u884c\u4e2d\uff0c\u4f46\u8a72\u5e02\u6559\u80b2\u5c40\u5728\u4e00\u4efd\u6578\u64da\u5916\u6d29\u901a\u77e5\u4e2d\u8868\u793a\uff0c\u5927\u7d04 19,000 \u4efd\u6a94\u6848\u5728\u672a\u7d93\u6388\u6b0a\u7684\u60c5\u6cc1\u4e0b\u88ab\u5b58\u53d6\uff0c\u5176\u4e2d\u66b4\u9732\u4e869,000\u500b\u793e\u6703\u5b89\u5168\u865f\u78bc\u548c\u6578\u91cf\u4e0d\u8a73\u7684\u54e1\u5de5ID\u865f\u78bc\u3002\u8a72\u5e02\u8868\u793a\uff0c\u500b\u4eba\u5c07\u7372\u5f97\u8eab\u4efd\u76e3\u63a7\u670d\u52d9\uff0c\u806f\u90a6\u8abf\u67e5\u5c40\u548c\u7d10\u7d04\u8b66\u5bdf\u5c40\u6b63\u5728\u8abf\u67e5\u9019\u8d77\u653b\u64ca\u4e8b\u4ef6\u3002\u81ea6\u670814\u65e5\u4ee5\u4f86\uff0cCl0p 
\u4e00\u76f4\u5728\u5176\u6697\u7db2\u5916\u6d29\u7db2\u7ad9\u4e0a\u767c\u5e03\u53d7\u5bb3\u8005\u7684\u59d3\u540d\uff0c\u6bbc\u724c\u74b0\u7403(Shell)\u3001Telos\u3001\u8afe\u9813 LifeLock\u3001\u52a0\u5dde\u516c\u5171\u50f1\u54e1\u9000\u4f11\u7cfb\u7d71 ( CalPERS )\u3001\u666e\u83ef\u6c38\u9053(PWC)\u3001\u5b89\u6c38\u3001Sony\u7b49\u6578\u5341\u5bb6\u516c\u53f8\u5747\u88ab\u5217\u5165\u540d\u55ae\u3002MOVEit Transfer \u662f\u4e00\u7a2e\u8a17\u7ba1\u6a94\u6848\u50b3\u8f38\uff0c\u4f01\u696d\u53ef\u4ee5\u4f7f\u7528\u5b83\u901a\u904e SFTP\u3001SCP \u548c\u57fa\u65bc HTTP \u7684\u4e0a\u50b3\u4f86\u5b89\u5168\u5730\u50b3\u8f38\u6a94\u6848\u3002CVE-2023-34362\u6f0f\u6d1e\u662f\u4e00\u500bSQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u53ef\u4ee5\u5229\u7528\u5b83\u4f86\u7372\u5f97\u5c0dMOVEit Transfer\u6578\u64da\u5eab\u7684\u672a\u7d93\u6388\u6b0a\u7684\u5b58\u53d6\u3002Microsoft\u8a8d\u70baClop \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54 \uff08\u53c8\u540d Lace Tempest \uff09\u767c\u8d77\u4e86\u5229\u7528MOVEit Transfer\u5e73\u53f0\u4e2d\u7684\u6f0f\u6d1e\u7684\u6d3b\u52d5\u30025\u670831\u65e5\uff0cProgress Software\u4fee\u88dcMOVEit\u7684<a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-31May2023\">CVE-2023-34362<\/a>\u6f0f\u6d1e\u5f8c\uff0c\u65bc6\u670810\u65e5\u53ca6\u670816\u65e5\u518d\u4fee\u88dc\u53e6\u5916\u5169\u500b\u540c\u6a23\u4f4d\u65bcMOVEit\u7684SQL Injection\u6f0f\u6d1e<a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-CVE-2023-35036-June-9-2023\">CVE-2023-35036<\/a>\u53ca<a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Transfer-Critical-Vulnerability-15June2023\">CVE-2023-35708<\/a>\u3002MOVEit 
Transfer\u7528\u6236\u61c9\u5bc6\u5207\u6ce8\u610f\u4e26\u5373\u6642\u5957\u7528\u6240\u6709\u76f8\u95dc\u7684\u5b89\u5168\u66f4\u65b0\u3002<\/p>\n\n\n\n<p>6\u670817\u65e5\uff0c\u7f8e\u570b\u653f\u5e9c\u7684\u6b63\u7fa9\u734e\u52f5\uff08<a href=\"https:\/\/publish.twitter.com\/?query=https%3A%2F%2Ftwitter.com%2FRFJ_USA%2Fstatus%2F1669740545403437056&amp;widget=Tweet\">Rewards for Justice<\/a>\uff09\u8a08\u756b\u61f8\u8cde\u9ad8\u9054 1000 \u842c\u7f8e\u5143\uff0c\u4ee5\u7372\u53d6\u6709\u95dcCl0p\u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u6216\u4efb\u4f55\u5176\u4ed6\u91dd\u5c0d\u7f8e\u570b\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u7684\u99ed\u5ba2\u7684\u8cc7\u8a0a\u3002<\/p>\n\n\n\n<p>MOVEit\u6f0f\u6d1e\u7684\u90e8\u5206\u5165\u4fb5\u6307\u6a19 (Indicators of Compromise, IOCs)\uff0c\u4ee5\u4e0b\u70baSHA-256\u683c\u5f0f\u7684\u96dc\u6e4a\u503c:<\/p>\n\n\n\n<p>fe5f8388ccea7c548d587d1e2843921c038a9f4ddad3cb03f3aa8a45c29c6a2f<\/p>\n\n\n\n<p>f994063b9fea6e4b401ee542f6b6d8d6d3b9e5082b5313adbd02c55dc6b4feb7<\/p>\n\n\n\n<p>ea433739fb708f5d25c937925e499c8d2228bf245653ee89a6f3d26a5fd00b7a<\/p>\n\n\n\n<p>e8012a15b6f6b404a33f293205b602ece486d01337b8b3ec331cd99ccadb562e<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u8fd1\u53d7\u5230MFT\u6a94\u6848\u5171\u4eab\u5de5\u5177MOVEit Transfer\u96f6\u6642\u5dee\u6f0f\u6d1eCVE-2023-34362\u7684\u5f71\u97ff\uff0c\u5c0e\u81f4\u7cfb\u7d71 <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=2713\">READ 
MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[138],"class_list":["post-2713","post","type-post","status-publish","format-standard","hentry","category-6","tag-cl0p"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2713"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2713\/revisions"}],"predecessor-version":[{"id":2720,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/2713\/revisions\/2720"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}