{"id":3139,"date":"2024-05-17T16:15:11","date_gmt":"2024-05-17T08:15:11","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3139"},"modified":"2024-05-17T16:17:16","modified_gmt":"2024-05-17T08:17:16","slug":"%e7%be%8e%e5%9c%8bcisa%e3%80%81fbi%e8%ad%a6%e5%91%8a%e9%86%ab%e7%99%82%e4%bf%9d%e5%81%a5%e7%b5%84%e7%b9%94%e6%87%89%e8%ad%a6%e6%83%95black-basta%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e6%94%bb%e6%93%8a","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3139","title":{"rendered":"\u7f8e\u570bCISA\u3001FBI\u8b66\u544a\u91ab\u7642\u4fdd\u5065\u7d44\u7e54 \u8b66\u60d5Black Basta\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"971\" height=\"762\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-7.png\" alt=\"\" class=\"wp-image-3140\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-7.png 971w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-7-300x235.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-7-768x603.png 768w\" sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/figure>\n\n\n\n<p>\u622a\u81f3 2024 \u5e74 5 \u6708\uff0c Black Basta \u52d2\u7d22\u8edf\u9ad4\u696d\u8005\u5df2\u4fb5\u5165\u5168\u7403 500 \u591a\u500b\u7d44\u7e54\u3002\u70ba\u4e86\u61c9\u5c0d\u4e0d\u65b7\u5347\u7d1a\u7684\u5a01\u8105\uff0c\u7f8e\u570b\u7db2\u8def\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40\uff08CISA\uff09\u8207\u7f8e\u570b\u806f\u90a6\u8abf\u67e5\u5c40\uff08FBI\uff09\u767c\u5e03\u4e86\u806f\u5408\u7db2\u8def\u5b89\u5168\u8aee\u8a62\uff0c\u8b66\u544aBlack Basta\u52d2\u7d22\u8edf\u9ad4\u696d\u4e0d\u65b7\u589e\u52a0\u7684\u6d3b\u52d5\uff0c\u8a72\u7d44\u7e54\u7684\u6d3b\u52d5\u5df2\u7d93\u5f71\u97ff\u4e86\u5305\u62ec\u91ab\u7642\u4fdd\u5065\u884c\u696d\u5728\u5167\u7684\u6578\u5341\u500b\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u7d44\u7e54\u3002<a href=\"https:\/\/socprime.com\/blog\/black-basta-ransomware-attack-detection-recent-malicious-campaigns-using-new-custom-tools-attributed-to-the-fin7-group\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u81f3\u5c11\u5f9e 2022 \u5e74\u6625\u5b63\u958b\u59cb\uff0cBlack Basta <\/a>\u5c31\u4ee5RaaS\u5f62\u5f0f\u904b\u71df\uff0c\u4e3b\u8981\u91dd\u5c0d\u5317\u7f8e\u3001\u6b50\u6d32\u548c\u6fb3\u6d32\u7684\u773e\u591a\u4f01\u696d\u548c\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u7d44\u7e54\u3002\u6839\u64da<a href=\"https:\/\/cisa.gov\/news-events\/cybersecurity-advisories\/aa24-131a\" target=\"_blank\" rel=\"noreferrer noopener\">\u806f\u5408\u7db2\u8def\u5b89\u5168\u8aee\u8a62 AA24-131A<\/a>\uff0c\u5728\u9577\u9054 2 \u5e74\u7684\u653b\u64ca\u6d3b\u52d5\u4e2d\uff0c\u8a72\u7d44\u7e54\u5df2\u5f71\u97ff\u4e86\u5168\u7403 500 \u591a\u500b\u7d44\u7e54\uff0c\u7a81\u986f\u4e86\u63d0\u9ad8\u7db2\u8def\u5b89\u5168\u610f\u8b58\u548c\u4e3b\u52d5\u9632\u79a6\u63aa\u65bd\u7684\u5fc5\u8981\u6027\u3002&nbsp;\u8d16\u91d1\u8981\u6c42\u56e0\u76ee\u6a19\u7d44\u7e54\u800c\u7570\uff0c\u6709\u5831\u544a\u7a31\u8d16\u91d1\u91d1\u984d\u53ef\u80fd\u9ad8\u9054 200 \u842c\u7f8e\u5143\u3002\u64da\u4f30\u8a08\uff0cBlack Basta \u5728\u4e0d\u5230\u5169\u5e74\u7684\u6642\u9593\u5167\u5f9e 90\u591a\u540d\u53d7\u5bb3\u8005\u90a3\u88e1\u7372\u5f97\u4e86\u8d85\u904e 1.07 \u5104\u7f8e\u5143\u7684\u8d16\u91d1\u6536\u5165\u3002 Black Basta \u901a\u5e38\u91dd\u5c0d\u88fd\u9020\u3001\u904b\u8f38\u3001\u5efa\u7bc9\u548c\u76f8\u95dc\u670d\u52d9\u3001\u96fb\u4fe1\u3001\u6c7d\u8eca\u696d\u548c\u91ab\u7642\u4fdd\u5065\u63d0\u4f9b\u8005\u3002\u8457\u540d\u7684\u53d7\u5bb3\u8005\u5305\u62ec\u5357\u65b9\u6c34\u52d9\u516c\u53f8(Southern Water)\u3001BionPharma\u3001M&amp;M Industries\u3001\u53ef\u53e3\u53ef\u6a02\u3001\u52a0\u62ff\u5927\u9ec3\u9801\u3001AgCo\u3001Capita\u3001ABB\u3001Merchant Schmidt\u3001Tag Aviation\u3001Blount Fine Foods\u7b49\u7b49\u3002<\/p>\n\n\n\n<p>\u6709<a href=\"https:\/\/thehackernews.com\/2022\/11\/researchers-find-links-bw-black-basta.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u8b49\u64da<\/a>\u8868\u660eBlack Basta\u71df\u904b\u5546\u8207\u53e6\u4e00\u500b\u540d\u70ba<a href=\"https:\/\/thehackernews.com\/2024\/05\/fin7-hacker-group-leverages-malicious.html\" target=\"_blank\" rel=\"noreferrer noopener\">FIN7<\/a>\u7684\u7db2\u8def\u72af\u7f6a\u7d44\u7e54\u6709\u806f\u7e6b\uff0c\u8a72\u7d44\u7e54\u81ea 2020 \u5e74\u4ee5\u4f86\u5df2\u8f49\u5411\u5be6\u65bd\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u3002\u6d89\u53ca\u52d2\u7d22\u8edf\u9ad4\u7684\u653b\u64ca\u93c8\u4f9d\u8cf4BITSAdmin\u3001PsExec \u548c RDP \u7b49\u5be6\u7528\u7a0b\u5f0f\u3002\u4ed6\u5011\u9084\u53ef\u4ee5\u5229\u7528 Splashtop\u3001ScreenConnect\u548cCobalt Strike \u4fe1\u6a19\u9032\u884c\u9060\u7aef\u5b58\u53d6\u3002\u70ba\u4e86\u9032\u884c\u6b0a\u9650\u5347\u7d1a\uff0cBlack Basta \u4f7f\u7528Mimikatz\u7b49\u6191\u8b49\u6293\u53d6\u5be6\u7528\u7a0b\u5e8f\uff0c\u9084\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5229\u7528\uff0c\u4f8b\u5982\u6feb\u7528ZeroLogon\u3001CVE-2021-42287\u6216 PrintNightmare \u5df2\u77e5\u5b89\u5168\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>Black Basta \u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u5229\u7528 RClone \u5f9e\u53d7\u611f\u67d3\u7684\u7cfb\u7d71\u4e2d\u7aca\u53d6\u8cc7\u6599\u3002\u5728\u8cc7\u6599\u5916\u6d29\u4e4b\u524d\uff0c\u4ed6\u5011\u5f80\u5f80\u6703\u900f\u904e PowerShell \u548c Backstab \u5be6\u7528\u7a0b\u5f0f\u9003\u907f\u5075\u6e2c\u3002\u7136\u5f8c\uff0c\u4ed6\u5011\u4f7f\u7528 ChaCha20 \u6f14\u7b97\u6cd5\u548c RSA-4096 \u516c\u9470\u5c0d\u6a94\u6848\u9032\u884c\u52a0\u5bc6\uff0c\u9644\u52a0\u96a8\u6a5f\u6a94\u6848\u526f\u6a94\u540d\uff0c\u4e26\u7559\u4e0b\u6a19\u984c\u70ba readme.txt \u7684\u52d2\u7d22\u5b57\u689d\uff0c\u540c\u6642\u963b\u7919\u7cfb\u7d71\u5fa9\u539f\u3002<\/p>\n\n\n\n<p>CISA \u8868\u793a\uff1a\u201c\u91ab\u7642\u4fdd\u5065\u7d44\u7e54\u56e0\u5176\u898f\u6a21\u3001\u6280\u8853\u4f9d\u8cf4\u6027\u3001\u500b\u4eba\u5065\u5eb7\u8cc7\u8a0a\u7684\u7372\u53d6\u4ee5\u53ca\u60a3\u8005\u8b77\u7406\u4e2d\u65b7\u7684\u7368\u7279\u5f71\u97ff\u800c\u6210\u70ba\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u7684\u6709\u5438\u5f15\u529b\u7684\u76ee\u6a19\u3002\u201d\u70ba\u4e86\u964d\u4f4e\u5165\u4fb5\u98a8\u96aa\uff0c\u9632\u79a6\u8005\u5efa\u8b70\u95dc\u9375\u7d44\u7e54\u5b89\u88dd\u6240\u6709\u5fc5\u8981\u7684\u8edf\u9ad4\u548c\u97cc\u9ad4\u66f4\u65b0\uff0c\u61c9\u7528\u591a\u56e0\u7d20\u8eab\u4efd\u9a57\u8b49\uff0c\u5b89\u5168\u9060\u7aef\u5b58\u53d6\u5de5\u5177\u5305\uff0c\u4e26\u7dad\u8b77\u95dc\u9375\u7cfb\u7d71\u548c\u8a2d\u5099\u914d\u7f6e\u7684\u5099\u4efd\u4ee5\u4fc3\u9032\u5fa9\u539f\u904e\u7a0b\u3002 CISA \u548c\u5408\u4f5c\u5925\u4f34\u4e5f\u5efa\u8b70\u61c9\u7528<a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-05\/aa24-131a-joint-csa-stopransomware-black-basta_1.pdf\">#StopRansomware<\/a>\u91dd\u5c0dBlack Basta\u6307\u5357\u4e2d\u63d0\u4f9b\u7684\u4e00\u822c\u7de9\u89e3\u63aa\u65bd\uff0c\u4ee5\u6d88\u9664\u52d2\u7d22\u8edf\u9ad4\u653b\u64ca\u548c\u8cc7\u6599\u52d2\u7d22\u5a01\u8105\u7684\u5f71\u97ff\u548c\u53ef\u80fd\u6027\u3002\u96a8\u8457 Black Basta \u548c\u5176\u4ed6\u52d2\u7d22\u8edf\u9ad4\u91dd\u5c0d\u95dc\u9375\u57fa\u790e\u8a2d\u65bd\u7d44\u7e54\u7684\u653b\u64ca\u4e0d\u65b7\u589e\u52a0\uff0c\u6301\u7e8c\u52a0\u5f37\u7db2\u8def\u8b66\u89ba\u6027\u548c\u5f37\u5316\u9632\u79a6\u81f3\u95dc\u91cd\u8981\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0cFBI\u4e5f<a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-05\/aa24-131a-joint-csa-stopransomware-black-basta_1.pdf\">\u516c\u5e03<\/a>\u4e86Black Basta\u7684\u5165\u4fb5\u6307\u6a19\uff08IOCs\uff09:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"897\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-8-1024x897.png\" alt=\"\" class=\"wp-image-3141\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-8-1024x897.png 1024w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-8-300x263.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-8-768x673.png 768w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2024\/05\/image-8.png 1096w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u622a\u81f3 2024 \u5e74 5 \u6708\uff0c Black Basta \u52d2\u7d22\u8edf\u9ad4\u696d\u8005\u5df2\u4fb5\u5165\u5168\u7403 500 \u591a\u500b\u7d44\u7e54\u3002\u70ba\u4e86\u61c9\u5c0d\u4e0d\u65b7\u5347 <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=3139\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[229,174],"class_list":["post-3139","post","type-post","status-publish","format-standard","hentry","category-6","tag-cisa-fbi","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3139"}],"version-history":[{"count":3,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3139\/revisions"}],"predecessor-version":[{"id":3145,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3139\/revisions\/3145"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}