ÎÚ¿ËÀ¼Ôâ¶à×éÍþвÐÐΪÕßÍøÂç¹¥»÷

°ä²¼¹¦·ò 2025-08-08

1. ÎÚ¿ËÀ¼Ôâ¶à×éÍþвÐÐΪÕßÍøÂç¹¥»÷


8ÔÂ6ÈÕ £¬ÎÚ¿ËÀ¼ÍÆËã»úÓ¦¼±ÏìÓ¦Ó××飨CERT-UA£©½üÈÕ°ä²¼¾¯±¨ £¬Ö¸³ö¸Ã¹úµ±¾Ö»ú¹¹¡¢¹ú·À¶ÓÁм°¹ú·À¹¤ÒµÆóÒµÕýÔâ·ê¶à¸öÍþвÐÐΪÕߵijÖÐøÍøÂç¹¥»÷¡£ÆäÖÐ £¬UAC-0099×éÖ¯ÓëGamaredon¼¯ÌåÓÈΪ»îÔ¾ £¬¶þÕß¾ùͨ¹ý¾«ÃÜÉè¼ÆµÄÍøÂç´¹µö¼¿Á©ÉøÈëÖ¸±êϵͳ £¬ÇÔÈ¡Ãô¸ÐÊý¾Ý²¢³ÉÁ¢Óƾû¯½Ó¼û¡£UAC-0099×éÖ¯×Ô2023Äê6Ô³õ´Î±»¹«¿ª¼Í¼ÒÔÀ´ £¬ÂÅ´ÎÒÔÎÚ¿ËÀ¼ÊµÌåΪ¼äµý»î¶¯Ö¸±ê¡£Æä×îй¥»÷ÀûÓ÷¨Ôº´«Æ±Ö÷ÌâµÄ´¹µöÓʼþ £¬Í¨¹ýCuttlyµÈURLËõ¶Ì·þÎñ·¢ËÍÁ´½Ó £¬ÓÕµ¼Êܺ¦ÕßÏÂÔØÔ̺¬HTMLÀûÓ÷¨Ê½£¨HTA£©µÄË«´æµµÎļþ¡£Ö´Ðкó £¬»ìºÏµÄVisual Basic¾ç±¾»á´´½¨´òË㹤×÷ʵÏÖÓÆ¾Ã»¯ £¬²¢¼ÓÔØMATCHBOIL¶ñÒâÈí¼þ £¬×îÖÕͶ·ÅMATCHWOKºóÃż°DRAGSTAREÊý¾ÝÇÔÈ¡·¨Ê½¡£Óë´Ëͬʱ £¬°²È«³§ÉÌESETµÄ»ã±¨½Òʾ £¬¶íÂÞ˹²¼¾°µÄGamaredon¼¯ÌåÔÚ2024ÄêϰëÄêÏÔÖø¼ÓÇ¿Á˶ÔÎÚ¿ËÀ¼µÄ¡°ÎÞÇ顱Óã²æÊ½ÍøÂç´¹µö¹¥»÷¡£¸Ã×é֯ѡȡÁùÖÖÐÂÐ͹¤¾ß £¬Ô̺¬ÓÃÓÚÕï¶ÏÊý¾ÝÍøÂçµÄPteroDespair¡¢ºáÏòÒÆ¶¯µÄPteroTickle±øÆ÷»¯¹¤¾ß £¬ÒÔ¼°Í¨¹ýTelegraph API³ÉÁ¢¼ÓÃÜͨ·µÄPteroGraphinÓÆ¾Ã»¯¹¤¾ß¡£


https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html


2. Ç÷Ïò¿Æ¼¼Apex Oneƽ̨ÏÖ»îÔ¾ÀûÓõÄÔ¶³Ì´úÂëÖ´Ðзì϶


8ÔÂ6ÈÕ £¬ÍøÂ簲ȫ³§ÉÌÇ÷Ïò¿Æ¼¼½üÈÕÏò¿Í»§·¢³ö´¹Î£ÖÒ¸æ £¬³ÆÆäApex One¶Ëµã°²È«Æ½Ì¨ÕýÔâ·êÕë¶ÔÁ½¸öÑϳÁÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2025-54948¡¢CVE-2025-54987£©µÄ»îÔ¾ÀûÓà £¬¶½´ÙÓû§Á¢¼´²ÉÈ¡·À»¤´ëÊ©¡£Õâ´Î·ì϶ԴÓÚApex OneÖÎÀí½ÚÔį̀£¨±¾µØ°æ£©µÄºÅÁî×¢Èëȱµã £¬ÔÊÐíÔ¤ÏÈͨ¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÔÚ佨²¹µÄϵͳÉÏÔ¶³ÌÖ´ÐÐËÁÒâ´úÂë¡£Ö»¹Ü·ì϶Ðè¹¥»÷Õ߾߱¸½ÚÔį̀½Ó¼ûȨÏÞ £¬µ«Ç÷Ïò¿Æ¼¼Ã÷È·°µÊ¾Òѹ۲⵽ÖÁÉÙһ·Ұ±íÀûÓð¸Àý £¬ÈÕ±¾CERTҲͬ²½°ä²¼Ô¤¾¯ £¬Ç¿µ÷ÆäÏÖʵÍþвÐÔ¡£ÎªÓ¦¶Ô´¹Î£Çé¿ö £¬Ç÷Ïò¿Æ¼¼³Æ2025Äê8ÔÂÖÐÑ®°ä²¼²¹¶¡ £¬²¢Ìṩ¶ÌÆÚ»º½â¹¤¾ß¡£¸Ã¹¤¾ßͨ¹ý½ûÓÃÖÎÀíÔ±´ÓApex One½ÚÔį̀Զ³Ì²¿Êð´úÀíµÄÖ°ÄÜ £¬¿ÉÆëÈ«×è¶ÏÒÑÖª·ì϶ÀûÓÃõè¾¶ £¬µ«»áµ¼ÖÂÁÙʱʧȥԶ³ÌÖÎÀíÄÜÁ¦¡£¹«Ë¾½¨ÒéÓû§ÓÅÏȲ¿Êð´Ë¹¤¾ß £¬¼´±ãÐè¾ÍÒ岿ÃÅ·½±ãÐÔÒÔÈ·±£¶Ëµã°²È«¡£½øÒ»²½·À»¤½¨ÒéÔ̺¬£ºÈô½ÚÔį̀IPµØÖ·Â¶³öÓÚ±í²¿ÍøÂç £¬Ó¦Á¢¼´Ö´ÐÐÔ´IPÏ޶ȵȽӼû½ÚÔì´ëÊ©¡£


https://www.bleepingcomputer.com/news/security/trend-micro-warns-of-endpoint-protection-zero-day-exploited-in-attacks/


3. еġ°¹í»êµç»°¡¹Ø½ÊõÀûÓÃZoomºÍMicrosoft Teams½øÐÐC2²Ù×÷


8ÔÂ6ÈÕ £¬ÔÚBlackHat USA 2025´ó»áÉÏ £¬Praetorian°²È«×êÑÐÔ±Adam Crosser½ÒʾÁËÒ»ÖÖÃûΪ"¹í»êºô½Ð"£¨Ghost Calls£©µÄÐÂÐͺóÀûÓúÅÁîÓë½ÚÔ죨C2£©¶ã±Ü¼¼Êõ¡£¸Ã¼¼Êõͨ¹ýÀÄÓÃZoom¡¢Microsoft TeamsµÈ»áÒéÀûÓ÷¨Ê½Ê¹ÓõÄTURNºÍ̸·þÎñÆ÷ £¬½«¶ñÒâC2Á÷Á¿¼Ù×°³ÉÕý³£ÊÓÆµ»áÒéͨѶ £¬´Ó¶øÈƹý´«Í³ÍøÂ簲ȫ·ÀÓù¡£TURNºÍ̸±¾ÊÇÓÃÓÚÔ®ÊÖNAT·À»ðǽºóÉ豸³ÉÁ¢ÊÓÆµÍ¨»°¡¢VoIPµÈʵʱͨѶµÄ¸¨ÖúºÍ̸¡£µ±Óû§²ÎÓëZoom»òTeams»áÒéʱ £¬¿Í»§¶Ë»á»ñȡһʱTURNÍ´´¦ÒÔ³ÉÁ¢ÖмÌÏνÓ¡£"¹í»êºô½Ð"ͨ¹ý½Ù³ÖÕâЩºÏ·¨Í´´¦ £¬ÔÚ¹¥»÷ÕßÓëÊܺ¦ÕßÉ豸¼ä¹¹½¨»ùÓÚWebRTCµÄ¼ÓÃÜËí· £¬½«C2Ö¸Áî¼Ù×°³ÉͨÀýÊÓÆµ»áÒéÁ÷Á¿¡£ÓÉÓÚÁ÷Á¿¾­ÆóÒµ³£ÓÃÓòÃû·ÓÉ £¬ÇÒʹÓö˿Ú443µÄUDP/TCP×ÔÊÊÓ¦´«Êä £¬¿ÉÈÆ¹ý·À»ðǽ¡¢´úÀí¼°TLS²é³­ £¬ÊµÏָ߶ÈÒñ±ÎµÄºÅÁî½ÚÔì¡£CrosserÖ¸³ö £¬Ó봫ͳC2»úÔìÏà±È £¬¸Ã²½Öè¾ß±¸Èý´óÓÅÊÆ£ºÆäÒ» £¬ÎÞÐèÒÀÀµÈí¼þ·ì϶ £¬½öͨ¹ýÀÄÓúϷ¨»ù´¡ÉèÊ©¼´¿ÉʵÏÖ£»Æä¶þ £¬Ö§³Öʵʱ½»»¥ £¬Âú×ãVNCÔ¶³Ì½ÚÔìµÈ±ØÒªµÍÑÓ³¤µÄ²Ù×÷ÐèÒª£»ÆäÈý £¬¹¥»÷ÕßÎÞÐè¶³ö×ÔÓÐÓòÃû»ò»ù´¡ÉèÊ© £¬¼«´ó½µµÍ×·×Ù·çÏÕ¡£


https://www.bleepingcomputer.com/news/security/new-ghost-calls-tactic-abuses-zoom-and-microsoft-teams-for-c2-operations/


4. µÂ¹úµçÐÅMagentaTVƽ̨Òò¸æ°×ƽ̨·ì϶й¶Óû§Êý¾Ý


8ÔÂ6ÈÕ £¬µÂ¹úµçÐÅ£¨Deutsche Telekom£©ÆìϼúýÌåÆ½Ì¨MagentaTVÒòµÚÈý·½¸æ°×ƽ̨·ì϶Ôâ·êÓû§Êý¾Ýй¶ £¬Ð¹Â¶Ê±³¤´ïÊýÔ¡£×êÑÐÍŶÓÓÚ2025Äê6ÔÂÖÐÑ®·¢ÏÖ £¬Óɸæ°×¼¼Êõ¹«Ë¾EquativÆìϵÄServerside.aiÍйܵÄElasticsearchÊý¾Ý¿âδÉè±£»¤ £¬µ¼ÖÂMagentaTVÓû§ÈÕÖ¾±»¹«¿ªÂ¶³ö¡£Ö»¹ÜµÂ¹úµçÐÅÔÚÍŶӴ«µÝºóÒÑÏÂÏ߸ÃÊ·ý £¬µ«Â¶³öÆÚ¼ä£¨ÖÁÉÙ×Ô2025Äê2ÔÂÆð£©ÀÛ»ýµÄ³¬3.24ÒÚÌõÈÕÖ¾×ÜÁ¿´ï729GBÒÑÃæ¶ÔDZÔÚÀÄÓ÷çÏÕ¡£Õâ´Îй¶µÄÊý¾ÝÖØÒªÔ´ÓÚÓû§ÓëMagentaTVƽ̨µÄ½»»¥ÒªÇó £¬Ô̺¬HTTP±êÍ·ÖеķÇÃô¸ÐÐÅÏ¢£¨ÈçÓû§´úÀí£©¼°²¿ÃÅÃô¸Ð±êʶ·û £¬Ô̺¬Î¨Ò»É豸±êʶ£¨MACµØÖ·£©¡¢ÍøÂçÏνӱêʶ£¨IPµØÖ·£©¡¢ÕË»§¹ØÁªID£¨¿Í»§ID¼°»á»°ID£©¡£Ö»¹Üµ¥ÌõÊý¾Ý¼ÛÖµÓÐÏÞ £¬µ«¹¥»÷Õß¿Éͨ¹ý½»²æÒýÓöàԴй¶Êý¾Ý£¨È纹Çàй¶µÄIPÓëÓû§ÐÅϢƥÅ䣩ʵÏÖÓû§Éí·Ý×·×Ù»òÉ豸¶¨Î»¡£


https://cybernews.com/security/deutsche-telekom-magentatv-data-leak/


5. ¹È¸èÔÚ³ÖÐøµÄSalesforceÊý¾Ý͵ÇÔ¹¥»÷ÖÐÔâ·êÊý¾Ýй¶


8ÔÂ6ÈÕ £¬¿Æ¼¼¾ÞÍ·Google½üÈÕÈ·ÈϳÉΪÀÕË÷×éÖ¯ShinyHuntersµÄ×îй¥»÷Ö¸±ê £¬ÆäÆóÒµSalesforce¿Í»§¹ØÏµÖÎÀí£¨CRM£©ÏµÍ³ÔâÈëÇÖ £¬µ¼Ö²¿Ãſͻ§Êý¾Ýй¶¡£Õâ´ÎÊÂÎñÓë¸Ã×éÖ¯½üÆÚÕë¶ÔÈ«ÇòÆóÒµµÄ´ó¹æÄ£Êý¾ÝÇÔÈ¡Ðж¯ÓйØ £¬Éæ¼°ÓïÒô´¹µö£¨Vishing£©Éç»á¹¤³Ì¹¥»÷¼°Salesforceƽ̨·ì϶ÀûÓ᣾ÝGoogleÅû¶ £¬6ÔÂÆÚ¼ä £¬ÆäÒ»¸öÓÃÓÚ´æ´¢ÖÐÓׯóÒµÁªÏµÐÅÏ¢¼°Óйر¸×¢µÄSalesforceÊ·ý £¬ÒòÔâ·ê±»×·×ÙΪ¡°UNC6040¡±»ò¡°UNC6240¡±µÄÍþвÐÐΪÕß¹¥»÷¶øÊ§ÏÝ¡£¹¥»÷Õßͨ¹ýÉç»á¹¤³Ì¼¿Á©ÇÖÈëϵͳ £¬ÔÚ¶ÌÔݽӼû´°¿ÚÄÚÇÔÈ¡ÁË»ù´¡Ã³Ò×ÐÅÏ¢ £¬Ô̺¬ÆóÒµÃû³Æ¡¢ÁªÏµ·½Ê½µÈ´ó²¿ÃÅΪ¹«¿ª»ò·ÇÃô¸ÐÊý¾Ý¡£GoogleÇ¿µ÷ÒÑѸËٶ½ØÈëÇÖõè¾¶²¢ÊµÏÖÓ°Ïì·ÖÎö £¬µ«Î´Ã÷È·¾ßÌåÊÜÓ°Ïì¿Í»§ÊýÁ¿¡£ÖµÍ×ÌùÐĵÄÊÇ £¬Õâ´Î¹¥»÷Ä»ºóºÚÊÖʵΪ³ôÃûÔ¶ÑïµÄShinyHuntersÀÕË÷¼¯ÍÅ¡£Õâ´ÎÐж¯ÖÐ £¬ShinyHuntersͨ¹ýÈëÇÔìóÒµSalesforceÊ·ýÇÔÈ¡Êý¾Ý £¬²¢ÒÔ¹«¿ªÐ¹Â¶»òÏúÊÛÊý¾ÝΪÍþв½øÐÐÀÕË÷¡£


https://www.bleepingcomputer.com/news/security/google-suffers-data-breach-in-ongoing-salesforce-data-theft-attacks/


6. ·¨¹ú²¼ÒÁ¸ñµçÐÅÔâ·ê´ó¹æÄ£Êý¾Ýй¶ £¬640Íò¿Í»§ÐÅÏ¢ÊÜÓ°Ïì


8ÔÂ7ÈÕ £¬·¨¹úÖØÒªµçÐÅÔËÓªÉ̲¼ÒÁ¸ñµçÐÅ£¨Bouygues Telecom£©Åû¶ÁËһ·³Á´óÍøÂ簲ȫÊÂÎñ £¬Ô¼640Íò¿Í»§µÄÓ×ÎÒÊý¾ÝÔÚÕë¶ÔÐÔÍøÂç¹¥»÷ÖÐÔ⵽й¶¡£×÷Ϊ·¨¹úµÚÈý´óÒÆ¶¯·þÎñÌṩÉÌ £¬¸Ã¹«Ë¾Õ¼ÓÐ1450ÍòÒÆ¶¯Óû§¼°9000ÃûÔ±¹¤ £¬2024ÄêÓªÊÕ´ï568ÒÚÅ·Ôª¡£¾Ý¹Ù·½ÉêÃ÷ £¬¹¥»÷ÓÉ"ÒÑÖªÍøÂç·¸×OÍÅ"Ö´ÐÐ £¬Í¨¹ýÇÖÈëÌØ¶¨ÄÚ²¿×ÊÔ´»ñÈ¡Á˿ͻ§ÁªÏµ·½Ê½¡¢ºÏͬÐÅÏ¢¡¢»éÒöÇé¿ö¡¢ÆóÒµ¿Í»§×ÊÁϼ°¹ú¼ÊÒøÐÐÕ˺ţ¨IBAN£©µÈÃô¸ÐÊý¾Ý¡£ÖµµÃÇìÐÒµÄÊÇ £¬ÐÅÓþ¿¨ºÅ¡¢ÕË»§ÃÜÂëµÈÖ÷Ìâ²ÆÕþÐÅϢδ±»ÇÔÈ¡¡£ÊÂÎñ²úÉúºó £¬²¼ÒÁ¸ñµçÐż¼ÊõÍŶÓѸËÙ×è¶Ï¹¥»÷Õß½Ó¼ûõè¾¶ £¬²¢Ð­Í¬·¨¹ú¹ú¶ÈÍøÂ簲ȫ¾Ö£¨ANSSI£©ºÍÊý¾Ý±£»¤»ú¹¹CNIL·¢Õ¹µ÷²é £¬Í¬Ê±Ç¿»¯ÍøÂç¼à¿ØÓ밲ȫ·À»¤ÏµÍ³¡£Ð¹Â¶ÊÂÎñ¶Ô¿Í»§×é³ÉDZÔÚ·çÏÕ £¬Ö»¹ÜIBANµ¥¶À²»¼°ÒÔʵÏÖתÕ˲Ù×÷ £¬µ«ÊÜÓ°ÏìÓû§ÈÔ±»½¨Ò鶨ÆÚºË²éÒøÐÐÂòÂô¼Í¼ £¬²¢¾¯ÌèÒÔ¿Í»§ÐÕÃûºÍÕ˺ÅÖ´ÐеÄÍøÂç´¹µöÚ¿Æ­¡£¹«Ë¾ÒÑͨ¹ý¶ÌÐźÍÓʼþÖ±½Ó֪ͨÊܺ¦Õß £¬²¢Ã÷È·ÖÒ¸æÇÐÎðÏòÐû³Æ°ÑÎÕÆäÓ×ÎÒÐÅÏ¢µÄÀ´µçÕßй©µÇ¼ƾ֤µÈÃô¸Ð×ÊÁÏ¡£


https://www.bleepingcomputer.com/news/security/bouygues-telecom-confirms-data-breach-impacting-64-million-customers/