GhostPoster Steganography Attack: A Hidden Crisis in Firefox Extensions

Published 2025-12-18

1. GhostPoster Steganography Attack: A Hidden Crisis in Firefox Extensions


On December 16, Koi Security researchers disclosed a new campaign named "GhostPoster", which hides JavaScript code inside the logo images of malicious Firefox extensions with more than 50,000 combined downloads, enabling browser surveillance and backdoor implantation. The malicious code gives attackers long-term, high-privilege access: it can hijack e-commerce affiliate links, inject tracking code, carry out click and ad fraud, and strip security headers from HTTP responses. The campaign uses a stealthy loader mechanism: the hidden script fetches the payload in only one of every ten attempts, and combines this with a 48-hour activation delay and backup domains, greatly reducing the risk of detection by traffic monitoring tools. The payload is processed with case swapping, Base64 encoding and XOR encryption, and must be decoded with a key derived from the extension's runtime ID. The final payload has several malicious functions: it injects Google Analytics tracking code into every page; it bypasses CAPTCHAs through three mechanisms; it injects invisible iframes that delete themselves after 15 seconds to commit ad fraud; and it hijacks affiliate links to redirect commissions to the attacker. The researchers identified 17 compromised Firefox extensions, all from popular categories, such as "Forever Free VPN", "Best Weather Forecast" and "crxMouse Gestures".


https://www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/
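As an added illustration (not code from the report or from Koi Security), the Python below shows how a layered case-swap/Base64/XOR encoding keyed on an extension's runtime ID binds a payload to one specific extension, which is why it cannot be decoded elsewhere. The layer order, the key derivation, the extension ID and the payload are all assumptions or constructed samples.

```python
import base64
import binascii

# Added illustration of the layered decoding described above. The layer order
# (XOR, then Base64, then case swap) and the key derivation (raw bytes of the
# extension runtime ID) are assumptions for demonstration, not GhostPoster's
# actual scheme. The sample extension ID and payload below are constructed.

def derive_key(extension_id: str) -> bytes:
    """Assumed key derivation: the runtime ID's UTF-8 bytes, used cyclically."""
    return extension_id.encode("utf-8")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def wrap_layers(plaintext: str, extension_id: str) -> bytes:
    """Apply the three layers in order: case swap -> Base64 -> XOR."""
    swapped = plaintext.swapcase().encode("ascii")
    return xor_bytes(base64.b64encode(swapped), derive_key(extension_id))

def unwrap_layers(blob: bytes, extension_id: str):
    """Peel the layers in reverse order (XOR -> Base64 -> case swap).
    Returns None when the blob does not decode cleanly, which is usually what
    happens with the wrong extension ID: the XOR output is then rarely valid
    Base64, so an analyst must supply the ID the payload was keyed to."""
    try:
        b64 = xor_bytes(blob, derive_key(extension_id))
        swapped = base64.b64decode(b64, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return swapped.swapcase()

# Constructed sample: a benign stand-in for the hidden script's payload.
SAMPLE_EXTENSION_ID = "{12345678-abcd-4ef0-9876-constructed0}"
SAMPLE_PAYLOAD = "console.log('constructed sample payload');"
SAMPLE_BLOB = wrap_layers(SAMPLE_PAYLOAD, SAMPLE_EXTENSION_ID)

if __name__ == "__main__":
    print(unwrap_layers(SAMPLE_BLOB, SAMPLE_EXTENSION_ID))
    print(unwrap_layers(SAMPLE_BLOB, "{00000000-0000-0000-0000-000000000000}"))
```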


2. Amazon Disrupts Russian GRU Hacker Attacks


On December 16, Amazon's threat intelligence team successfully stopped an ongoing campaign by hackers under Russia's foreign military intelligence agency, the GRU, targeting customers' cloud infrastructure. The operation has focused on Western critical infrastructure since 2021, especially the energy sector, and shows a tactical evolution: attackers have shifted from relying on zero-day and known vulnerabilities to targeting misconfigured edge devices such as enterprise routers, VPN gateways, network management appliances and cloud collaboration platforms, gaining "low-cost, high-return" persistent access through exposed management interfaces. Amazon CISO CJ Moses noted that this tactical adjustment reflects the threat actor's "efficiency first" shift: in 2025 attackers markedly cut their investment in vulnerabilities and instead exploited "low-hanging" configuration weaknesses in customer networks, achieving credential theft and lateral movement with minimal exposure. Despite the change in tactics, the core objective is unchanged: persistently infiltrate key networks and obtain credentials to access online services. Through overlap analysis of attack patterns and infrastructure, Amazon assesses with high confidence that the activity is linked to the GRU-associated Sandworm (APT44) and Curly Comrades groups. Notably, the attacks did not exploit vulnerabilities in AWS services, but targeted management appliances that customers hosted on AWS EC2 instances.


https://www.bleepingcomputer.com/news/security/amazon-disrupts-russian-gru-hackers-attacking-edge-network-devices/


3. NoName057(16) Uses the DDoSia Tool to Attack NATO


As reported on December 16, NoName057(16), also known as 05716nnm or NoName05716, is a covert project that grew out of Russia's Center for Research on the Youth Environment and Network Monitoring, and has since March 2022 continuously launched distributed denial-of-service (DDoS) attacks against NATO member states and European organizations. The group operates with support from the leadership of the Russian Federal Agency for Youth Affairs, explicitly positions itself as a major cyber threat to Western institutions that oppose Russia's geopolitical goals, and its actions are closely aligned with the interests of the Russian authorities. Its core attack capability relies on the DDoSia project, which recruits volunteers through Telegram channels and provides an easy-to-use attack tool written in Go, backed by cryptocurrency rewards, to form a crowdsourced botnet. Technically, DDoSia uses a two-stage communication protocol: the client first authenticates by sending encrypted system information to the command-and-control server, and after receiving a 200 OK response it enters the second stage and fetches the target configuration. Its infrastructure uses a resilient multi-tier architecture: first-tier public servers, with an average lifespan of about 9 days, communicate directly with clients; second-tier backend servers strictly control access via ACLs and accept connections only from authorized first-tier servers, keeping the core logic and the target list protected.


https://cybersecuritynews.com/noname05716-hackers-using-ddosia-ddos-tool/


4. Russian Hacker Group Runs Sustained Phishing Attacks on a Ukrainian Webmail Platform


On December 18, cybersecurity researchers disclosed that the Russian state-backed hacker group BlueDelta (also known as APT28, Fancy Bear and other names) conducted a large-scale phishing operation between June 2024 and April 2025 against UKR.NET, a popular Ukrainian webmail and news service, aiming to steal user credentials and collect sensitive information in support of Russian intelligence objectives. According to a report by Recorded Future's Insikt Group, the group carried out the attacks with fake login pages impersonating the UKR.NET authentication portal. Victims received phishing emails carrying PDF attachments in which links to the fraudulent pages were embedded. The researchers note that this tactic can effectively bypass automated email security filters. Analysis of the attack infrastructure showed that more than 20 related PDF files were distributed to targeted users; the documents falsely claimed that suspicious activity had been detected on the user's account and lured them into clicking a link to reset their password. BlueDelta has long engaged in cyber espionage, carrying out credential theft against government agencies, defense contractors, weapons suppliers and other targets for more than a decade.


https://therecord.media/russian-bluedelta-hackers-ran-phishing-ukraine-webmail


5. Kimwolf Infects 1.8 Million Devices and Launches Large-Scale DDoS Attacks


On December 17, a new distributed denial-of-service (DDoS) botnet named Kimwolf was reported to have infected at least 1.8 million devices, including Android TVs, set-top boxes and tablets, and it may be linked to the notorious AISURU botnet. The botnet is compiled with the NDK and has DDoS, proxy forwarding, reverse shell and file management capabilities. Between November 19 and 22, 2025, it issued 1.7 billion attack commands in three days, and its C2 domain at one point overtook Google at the top of Cloudflare's top-100 domain ranking. Kimwolf mainly infects TV boxes in home networks, including models such as TV BOX, SuperBOX and HiDPTAndroid, with infections concentrated in Brazil, India, the United States, Argentina, South Africa and the Philippines; the propagation path is still unclear. After its C2 domains were taken down three times in December, the botnet turned to the Ethereum Name Service (ENS) to harden its infrastructure, using the EtherHiding technique to obtain C2 IP addresses from a smart contract and recovering the real IP with an XOR operation, making it more resistant to takedowns. Researchers found that Kimwolf is linked to AISURU: the two spread through the same infection script and share a code-signing certificate, indicating that they belong to the same hacker group. The latest Kimwolf version introduces TLS-encrypted communication and supports 13 DDoS attack methods based on UDP, TCP and ICMP, with targets in the United States, China, France, Germany and Canada.


https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html


6. SonicWall SMA1000 High-Severity Vulnerability Exploited in Zero-Day Attacks


On December 17, network security vendor SonicWall published an urgent security advisory disclosing a medium-severity local privilege escalation vulnerability (CVE-2025-40602) in the Appliance Management Console (AMC) of its SMA1000 devices; the flaw has already been used in zero-day attacks to escalate system privileges. According to SonicWall's Product Security Incident Response Team (PSIRT), the vulnerability was reported by Clément Lecigne and Zander Work of Google's Threat Intelligence Group; it does not affect the SSL-VPN functionality running on SonicWall firewalls, but users are strongly advised to upgrade to the latest hotfix release to remediate it. Attackers can chain this flaw with another, critical-severity pre-authentication deserialization vulnerability (CVE-2025-23006, CVSS score 9.8) to achieve unauthenticated remote code execution and obtain root privileges. CVE-2025-23006 was fixed in the 12.4.3-02854 platform hotfix released on January 22, 2025. The internet monitoring organization Shadowserver currently tracks more than 950 SMA1000 devices exposed on the public internet, although some of them may already be patched against this attack chain.


https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-new-sma1000-zero-day-exploited-in-attacks/