{"id":4213,"date":"2026-03-20T10:35:06","date_gmt":"2026-03-20T02:35:06","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=4213"},"modified":"2026-03-20T10:36:32","modified_gmt":"2026-03-20T02:36:32","slug":"%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94interlock-%e9%9b%b6%e6%99%82%e5%b7%ae%e6%94%bb%e6%93%8a%e6%9b%9d%e5%85%89%ef%bc%9acisco-fmc-%e9%ab%98%e9%a2%a8%e9%9a%aa%e6%bc%8f%e6%b4%9e%e6%97%a9%e5%b7%b2%e9%81%ad","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=4213","title":{"rendered":"Interlock Ransomware Zero-Day Attack Exposed: High-Risk Cisco FMC Vulnerability Was Already Weaponized"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"692\" height=\"362\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-5.jpeg\" alt=\"\" class=\"wp-image-4214\" style=\"width:692px;height:auto\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-5.jpeg 692w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-5-300x157.jpeg 300w\" sizes=\"auto, (max-width: 692px) 100vw, 692px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: TheHackerNews<\/figcaption><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>On March 4, 2026, Cisco published a security advisory disclosing two critical vulnerabilities in its firewall management platform, Secure Firewall Management Center (Secure FMC): <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-20079\">CVE-2026-20079<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-20131\">CVE-2026-20131<\/a>. Both reside in the web management interface and carry a CVSS score of 10, the highest risk rating.<\/p>\n\n\n\n<p>However, the real problem is not the vulnerability itself, but this: <strong>by the time the vulnerability was disclosed, the attacks had already happened.<\/strong><\/p>\n\n\n\n<p><strong>The vulnerability was not yet public, but the attacks had already begun<\/strong><\/p>\n\n\n\n<p>According to a <a href=\"https:\/\/thehackernews.com\/2026\/03\/interlock-ransomware-exploits-cisco-fmc.html\">report<\/a> by security news outlet The Hacker News, Amazon's threat intelligence team states that the ransomware group Interlock began exploiting CVE-2026-20131 in real-world attacks as early as January 26, 2026, a full 36 days before the vulnerability's official disclosure, showing that the attackers are capable of using zero-day vulnerabilities operationally.<\/p>\n\n\n\n<p>What does this mean?<\/p>\n\n\n\n<p>This is not simple vulnerability exploitation but a textbook <strong>zero-day attack scenario<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Defenders cannot patch<\/li>\n\n\n\n<li>No existing detection signatures<\/li>\n\n\n\n<li>Almost no advance warning of attack activity<\/li>\n<\/ul>\n\n\n\n<p>More notably, during its investigation Amazon unexpectedly obtained Interlock's complete toolchain because of a misconfiguration in the attackers' infrastructure, which allowed it to reconstruct the attack flow, the RAT malware, the reconnaissance scripts, and the technical details of the detection-evasion techniques.<\/p>\n\n\n\n<p>This elevates the whole attack from an \u201cincident\u201d to a \u201cfully analyzable attack model\u201d.<\/p>\n\n\n\n<p><strong>Core vulnerability analysis: a direct entry point to root<\/strong><\/p>\n\n\n\n<p>CVE-2026-20131 is in essence a remote code execution (RCE) vulnerability stemming from an insecure design in the Java deserialization mechanism.<\/p>\n\n\n\n<p>An attacker can send a crafted Java serialized object through the web management interface and, once the vulnerability is triggered, can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Act without authentication (unauthenticated)<\/li>\n\n\n\n<li>Execute arbitrary code remotely<\/li>\n\n\n\n<li>Directly obtain <strong>root privileges<\/strong> on the system<\/li>\n<\/ul>\n\n\n\n<p>This means an attacker can fully take over the FMC system without any credentials, and from there affect the entire network security architecture.<\/p>\n\n\n\n<p><strong>How the attack unfolds: an intrusion chain that starts with a single request<\/strong><\/p>\n\n\n\n<p>Interlock's attack is not a single-point exploit but a carefully designed multi-stage attack chain.<\/p>\n\n\n\n<p>The attack begins with an HTTP request sent to a specific path on Secure FMC. The request contains malicious Java code along with two key embedded URLs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>First URL: delivers the configuration data needed for the exploit<\/li>\n\n\n\n<li>Second URL: directs the victim system to send an HTTP PUT request that uploads a specific file, used to report whether the exploit succeeded<\/li>\n<\/ul>\n\n\n\n<p>This \u201ccallback mechanism\u201d lets the attackers confirm in real time which systems have been successfully compromised, and then automate the subsequent attack steps.<\/p>\n\n\n\n<p><strong>After a successful intrusion: the real attack begins<\/strong><\/p>\n\n\n\n<p>Once the vulnerability is successfully triggered, the victim system downloads an ELF binary from a remote server and executes it, formally entering the second stage.<\/p>\n\n\n\n<p>Interlock then deploys its full attack toolkit and carries out a series of actions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reconnaissance<\/strong><br>Uses PowerShell scripts to collect system information, account data, browser credentials, and network status<\/li>\n\n\n\n<li><strong>Persistent control (Persistence &amp; C2)<\/strong><br>Deploys a custom RAT supporting remote command execution, file transfer, and proxy tunneling<\/li>\n\n\n\n<li><strong>Lateral Movement<\/strong><br>Sets up a SOCKS5 proxy so the attackers can move freely within the internal network<\/li>\n\n\n\n<li><strong>Concealment and anti-forensics (Defense Evasion)<\/strong><br>Clears system logs, disables operation logging, and even uses an in-memory web shell to avoid dropping files to disk<\/li>\n<\/ul>\n\n\n\n<p>In some cases the attackers even abuse legitimate tools such as ConnectWise ScreenConnect as a means of persistent access, further improving stealth.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"692\" height=\"249\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-6.jpeg\" alt=\"\" class=\"wp-image-4215\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-6.jpeg 692w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/03\/image-6-300x108.jpeg 300w\" sizes=\"auto, (max-width: 692px) 100vw, 692px\" \/><\/figure>\n\n\n\n<p><strong>The real warning from this incident<\/strong><\/p>\n\n\n\n<p>This attack exposes a key reality:<\/p>\n\n\n\n<p><strong>The biggest blind spot in enterprise defense is not the vulnerability, but the \u201ctime gap in which the vulnerability is exploited\u201d.<\/strong><\/p>\n\n\n\n<p>Even an enterprise with a mature patching process cannot defend against a vulnerability that has not yet been disclosed. When the attack happens before disclosure, a traditional patch-centric defense strategy fails completely.<\/p>\n\n\n\n<p>This is why \u201cdefense-in-depth\u201d has become a necessity:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A single line of defense (such as a firewall or patching) is no longer enough<\/li>\n\n\n\n<li>Behavioral detection, endpoint protection, and network monitoring must be combined<\/li>\n\n\n\n<li>Strengthen visibility and real-time response capability<\/li>\n<\/ul>\n\n\n\n<p><strong>Trend watch: ransomware is shifting to edge devices<\/strong><\/p>\n\n\n\n<p>Notably, this is not an isolated incident. According to Google's observations, ransomware attacks are gradually shifting toward:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vulnerabilities in edge devices such as VPNs and firewalls<\/li>\n\n\n\n<li>Less reliance on external tools in favor of built-in system functionality (LOLBins)<\/li>\n\n\n\n<li>Greater emphasis on data exfiltration and double-extortion models<\/li>\n<\/ul>\n\n\n\n<p>As revenue from traditional ransomware declines, attackers' strategies are becoming more precise and efficient.<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>Interlock's exploitation of CVE-2026-20131 is not only a successful intrusion case but also a clear warning:<\/p>\n\n\n\n<p>Now that zero-day attacks have become the norm, the key to security is no longer just \u201cwhether you have patched\u201d but \u201cwhether you can keep defending against unknown threats\u201d.<\/p>\n\n\n\n<p>When an attack has already happened, can you see it?<br>When a line of defense is breached, do you still have another layer of protection?<\/p>\n\n\n\n<p>This is the real battlefield of modern cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 4, 2026, Cisco published a security advisory disclosing that its firewall management platform Secure Firewall  <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=4213\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-4213","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4213"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4213\/revisions"}],"predecessor-version":[{"id":4216,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4213\/revisions\/4216"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}