{"id":3231,"date":"2024-07-17T17:45:09","date_gmt":"2024-07-17T09:45:09","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=3231"},"modified":"2024-07-17T17:46:40","modified_gmt":"2024-07-17T09:46:40","slug":"%e5%a4%9a%e5%80%8b%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94%e6%8c%81%e7%ba%8c%e5%88%a9%e7%94%a8veeam%e5%8e%bb%e5%b9%b4%e4%bf%ae%e8%a3%9c%e7%9a%84backup-replication%e4%b8%ad%e7%9a%84%e9%ab%98%e9%a2%a8","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=3231","title":{"rendered":"\u591a\u500b\u52d2\u7d22\u8edf\u9ad4\u6301\u7e8c\u5229\u7528Veeam\u53bb\u5e74\u4fee\u88dc\u7684Backup & Replication\u4e2d\u7684\u9ad8\u98a8\u96aa\u6f0f\u6d1e"},"content":{"rendered":"\n

\u5229\u7528\u8a72\u6f0f\u6d1eAkira\u52d2\u7d22\u8edf\u9ad4\uff0c\u5f9e\u521d\u59cb\u767b\u5165\u5230\u8cc7\u6599\u6d29\u9732\u7684\u6574\u500b\u64cd\u4f5c\uff0c\u50c5\u82b1\u4e86 133 \u5206\u9418<\/strong>\u3002<\/p>\n\n\n\n

\"\"
Photo Credit: Veeam<\/figcaption><\/figure>\n\n\n\n

\u5099\u4efd\u8edf\u9ad4Veeam Backup & Replication\u4e2d\u7684\u6f0f\u6d1eCVE-2023-27532<\/a>\uff08CVSS\u98a8\u96aa\u8a55\u70ba7.5\u5206\uff09\uff0c\u6b64\u6f0f\u6d1e\u7684\u6839\u6e90\u767c\u751f\u5728Veeam.Backup.Service.exe\u5143\u4ef6\u3002\u7db2\u8def\u653b\u64ca\u8005\u53ef\u4ee5\u5229\u7528\u9019\u500b\u6f0f\u6d1e\u4f86\u53d6\u5f97\u7d44\u614b\u8cc7\u6599\u5eab(configuration database)\u4e2d\u5132\u5b58\u7684\u52a0\u5bc6\u6191\u8b49\uff0c\u5f9e\u4e2d\u53d6\u5f97\u5099\u4efd\u57fa\u790e\u8a2d\u65bd\u4e3b\u6a5f(backup infrastructure hosts)\u7684\u5b58\u53d6\u6b0a\u9650\u3002<\/p>\n\n\n\n

\u8a72\u6f0f\u6d1e\u5df2\u65bc2023\u5e743\u6708\u7372\u5f97\u4fee\u88dc\uff0c\u4e0d\u4e45\u5f8c\u8a72\u6f0f\u6d1e\u7684PoC\u6f0f\u6d1e\u5229\u7528\u7a0b\u5f0f\u78bc(PoC exploit code)\u4e5f\u88ab\u516c\u958b\u767c\u5e03\u3002<\/p>\n\n\n\n

\u6709\u95dc\u5c08\u5bb6\u89c0\u5bdf\u5230\uff0c\u4fc4\u7f85\u65af\u7db2\u8def\u72af\u7f6a\u7d44\u7e54FIN7\u81ea2023\u5e744\u6708\u4ee5\u4f86\u4e00\u76f4\u5728\u5229\u7528\u8a72\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

2023\u5e748\u6708\uff0c\u767c\u73fe\u53e4\u5df4\u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u5229\u7528\u8a72\u6f0f\u6d1e\u9032\u884c\u653b\u64ca\u5f8c\u4e0d\u4e45\uff0c\u7f8e\u570b\u7db2\u969b\u5b89\u5168\u66a8\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u5c40CISA\u5c07 CVE-2023-27532 \u589e\u52a0<\/a><\/a>\u5230\u5176\u5df2\u77e5\u906d\u6feb\u7528\u4e4b\u6f0f\u6d1e\u6e05\u55ae\u4e2d\u3002<\/p>\n\n\n\n

\u65b0\u52a0\u5761\u5a01\u8105\u60c5\u5831\u516c\u53f8Group-IB\u7814\u7a76\u4eba\u54e1\u4e5f\u767c\u73fe\u4e86\u4e00\u500b\u52d2\u7d22\u8edf\u9ad4\u7d44\u7e54\u5229\u7528\u4e86 Veeam Backup & Replication\u4e2d\u7684\u6f0f\u6d1e\u3002\u6709\u95dc\u5c08\u5bb6\u7684\u5831\u544a\u6307\u51fa\uff0c2024\u5e744\u6708\uff0cEstateRansomware\u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u4f7f\u7528PoC\u6f0f\u6d1e\u5229\u7528\u7a0b\u5f0f\u78bc\u4f86\u653b\u64ca\u6f0f\u6d1eCVE-2023-27532\u3002<\/p>\n\n\n\n

\u5728\u7db2\u8def\u5b89\u5168\u516c\u53f8BlackBerry <\/a>\u7684\u5831\u544a\u4e2d\u63ed\u9732\uff0c\u65bc2024\u5e746\u6708\uff0c\u7db2\u8def\u653b\u64ca\u5718\u9ad4\u5229\u7528Akira\u52d2\u7d22\u8edf\u9ad4<\/a>\u653b\u64ca\u4e86\u4e00\u5bb6\u62c9\u4e01\u7f8e\u6d32\u822a\u7a7a\u516c\u53f8\u3002\u5c0d\u76ee\u6a19\u7db2\u8def\u7684\u521d\u59cb\u5b58\u53d6\u662f\u900f\u904e Secure Shell (SSH) \u5354\u5b9a\u9032\u884c\u7684\uff0c\u653b\u64ca\u8005\u5728\u7b2c\u4e8c\u5929\u90e8\u7f72Akira\u52d2\u7d22\u8edf\u9ad4\u4e4b\u524d\u7aca\u53d6\u4e86\u95dc\u9375\u8cc7\u6599\u3002\u4e00\u65e6\u8cc7\u6599\u5916\u6d29\u6210\u529f\uff0c\u653b\u64ca\u8005\u5c31\u6703\u90e8\u7f72\u52d2\u7d22\u8edf\u9ad4\u4f86\u52a0\u5bc6\u53d7\u611f\u67d3\u7684\u7cfb\u7d71\u3002Akira\u662f\u4e00\u7a2e\u52d2\u7d22\u8edf\u9ad4\uff0c\u5229\u7528CVE-2023-27532\u7684\u6f0f\u6d1e\u4f86\u653b\u64ca\u9396\u5b9a\u7684\u76ee\u6a19\u3001\u5275\u5efa\u672a\u6388\u6b0a\u5e33\u6236\u4e26\u7aca\u53d6\u53d7\u5bb3\u8005\u6578\u64da\u3002\u4e00\u65e6\u9032\u5165\u7db2\u7d61\uff0c\u653b\u64ca\u8005\u5c31\u6703\u5275\u5efa\u4e00\u500b\u540d\u70ba\u201cbackup\u201d\u7684account\uff0c\u4e26\u5c07\u5176\u589e\u52a0\u5230\u7ba1\u7406\u54e1\u7fa4\u7d44\u4e2d\u4ee5\u78ba\u4fdd\u63d0\u5347\u7684\u6b0a\u9650\u3002\u653b\u64ca\u8005\u90e8\u7f72\u4e86\u5408\u6cd5\u7684\u7db2\u8def\u7ba1\u7406\u5de5\u5177Advanced IP Scanner\u4f86\u6383\u63cf\u900f\u904eroute print\u8b58\u5225\u7684\u672c\u5730\u5b50\u7db2\u8def\u3002\u6574\u500b\u64cd\u4f5c\uff0c\u5f9e\u521d\u59cb\u5165\u4fb5\u5230\u8cc7\u6599\u6d29\u9732\uff0c\u50c5\u82b1\u4e86 133 \u5206\u9418\u3002<\/p>\n\n\n\n

\u64da\u4e86\u89e3\uff0c\u64cd\u4f5cAkira\u7684\u99ed\u5ba2\u5718\u9ad4\u53ef\u80fd\u5229\u7528\u4f01\u696d\u5c1a\u672a\u4fee\u88dc\u7684Veeam Backup & Replication\u6f0f\u6d1e\uff0c\u9032\u800c\u57f7\u884c\u521d\u59cb\u5b58\u53d6\u3001\u90e8\u7f72\u5404\u7a2e\u5f8c\u8105\u8feb(post-exploitation)\u5de5\u5177\u3001\u57f7\u884cActive Directory\u5075\u5bdf\u4e26\u7671\u7613\u5b89\u5168\u9632\u8b77\u7522\u54c1\u3002<\/p>\n\n\n\n

Veeam\u5099\u4efd\u8cc7\u6599\u7684\u6240\u6709\u6b0a\u662f\u900f\u904eVeeam\u5099\u4efd\u8cc7\u6599\u593e\u53d6\u5f97\u7684\uff0c\u800c\u7db2\u8def\u653b\u64ca\u8005\u5247\u5f9e\u5176\u4ed6\u7cfb\u7d71\u58d3\u7e2e\u548c\u4e0a\u50b3\u8cc7\u6599\u3002\u6b64\u5099\u4efd\u4e2d\u5305\u542b\u6587\u4ef6\u3001\u5716\u50cf\u548c\u96fb\u5b50\u8868\u683c\u7b49\u5e38\u898b\u7684\u6587\u4ef6\u985e\u578b\uff0c\u52d2\u7d22\u8edf\u9ad4\u96c6\u5718\u4f01\u5716\u85c9\u7531\u6536\u96c6\u4e26\u5229\u7528\u6a5f\u5bc6\u548c\u6709\u50f9\u503c\u7684\u6578\u64da\u4f86\u7372\u53d6\u81ea\u5df1\u7684\u7d93\u6fdf\u5229\u76ca\u3002<\/p>\n\n\n\n

Veeam \u6f0f\u6d1e\u4e8b\u4ef6\u7684\u90e8\u5206\u7684\u5165\u4fb5\u6307\u6a19\uff08IOCs\uff09:<\/p>\n\n\n\n

2c56e9beea9f0801e0110a7dc5549b4fa0661362                 <\/p>\n\n\n\n

5e460a517f0579b831b09ec99ef158ac0dd3d4fa                 <\/p>\n\n\n\n

107ec3a7ed7ad908774ad18e3e03d4b999d4690c<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5229\u7528\u8a72\u6f0f\u6d1eAkira\u52d2\u7d22\u8edf\u9ad4\uff0c\u5f9e\u521d\u59cb\u767b\u5165\u5230\u8cc7\u6599\u6d29\u9732\u7684\u6574\u500b\u64cd\u4f5c\uff0c\u50c5\u82b1\u4e86 133 \u5206\u9418\u3002 \u5099\u4efd\u8edf\u9ad4Veeam Ba READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-3231","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3231"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3231\/revisions"}],"predecessor-version":[{"id":3233,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/3231\/revisions\/3233"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}