Date: 2023-09

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple nation-state actors exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. These actors gain unauthorized access to compromised systems and establish persistence.

The advisory, issued jointly by CISA, the Federal Bureau of Investigation (FBI), and the Cyber National Mission Force (CNMF), states that nation-state threat actors are exploiting CVE-2022-47966. This vulnerability allows unauthorized access to Zoho ManageEngine ServiceDesk Plus, leading to the establishment of persistence and lateral movement through the network.

Although the identities of the threat groups involved were not disclosed, US Cyber Command (USCYBERCOM) has suggested that Iranian nation-state crews may be involved.

These findings are based on an incident response engagement that CISA conducted at an unnamed organization in the aeronautical sector from February to April 2023. The malicious activity is believed to have begun as early as January 18, 2023.

CVE-2022-47966 is a critical flaw that enables remote code execution, allowing unauthenticated attackers to take over vulnerable instances completely.

Once the attackers had successfully exploited the vulnerability, they gained root-level access on the web server. They went on to download additional malware, enumerate the network, collect administrative user credentials, and move laterally within the network.

It is not yet known whether any information was stolen as a result of these attacks.

The organization in question was also compromised through a second initial access vector, which involved exploiting CVE-2022-42475, a severe bug in Fortinet FortiOS SSL-VPN, to gain access to the firewall.

CISA has stated that the attackers compromised and used disabled, legitimate administrative account credentials belonging to a previously hired contractor. The user is believed to have been disabled before the malicious activity was observed.

The attackers were observed initiating multiple encrypted sessions to several different IP addresses, indicating data transfer from the compromised firewall device. They also used valid credentials to move from the firewall to a web server and deploy web shells for backdoor access.

In both cases, the threat actors disabled administrative account credentials and deleted logs from critical servers to cover their tracks and erase evidence of their activity.

During the attack, the anydesk.exe executable was observed on three hosts between early February and mid-March 2023. The threat actors compromised one host and moved laterally to install the executable on the others.

How AnyDesk was installed on each machine is currently unknown. The actors also used a legitimate ConnectWise ScreenConnect client to download and run the credential dumping tool Mimikatz.

The attackers attempted to exploit a known Apache Log4j vulnerability (CVE-2021-44228, or Log4Shell) in the ServiceDesk system for initial access, but they were unsuccessful.

To defend against these ongoing attacks, organizations are advised to apply the latest updates, monitor for unauthorized use of remote access software, and remove unnecessary accounts and groups to prevent their abuse.
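The monitoring advice above can be turned into a simple triage pass over process and logon events. The following is an added example, not code from the CISA advisory or the original article: it flags remote access tools running on hosts that are not approved for them and successful logons by accounts the directory marks as disabled. The event schema, host names, account names, approved-host inventory and ScreenConnect process names are assumptions, and the sample events are constructed.

```python
import json
import ntpath

# Assumed inventory (hypothetical): remote-access tools and the hosts approved to run them.
REMOTE_TOOLS = {
    "anydesk.exe": {"HELPDESK07"},
    "screenconnect.windowsclient.exe": set(),
    "screenconnect.clientservice.exe": set(),
}
# Assumed export of accounts that the directory marks as disabled.
DISABLED_ACCOUNTS = {"old_contractor"}

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE = r"""
{"ts":"2023-02-03T10:12:00Z","type":"process","host":"WEB01","image":"C:\\ProgramData\\anydesk.exe"}
{"ts":"2023-02-03T10:15:00Z","type":"process","host":"HELPDESK07","image":"C:\\Program Files\\AnyDesk\\AnyDesk.exe"}
{"ts":"2023-02-04T02:41:00Z","type":"logon","host":"FW-VPN","user":"old_contractor","result":"success"}
{"ts":"2023-02-04T08:00:00Z","type":"logon","host":"FW-VPN","user":"jsmith","result":"success"}
{"ts":"2023-02-05T11:30:00Z","type":"process","host":"APP02","image":"C:\\Users\\Public\\ScreenConnect.WindowsClient.exe"}
"""

def triage(lines):
    """Return (timestamp, host, finding) tuples for events that need review."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["type"] == "process":
            # ntpath parses Windows paths correctly on any OS.
            name = ntpath.basename(ev["image"]).lower()
            if name in REMOTE_TOOLS and ev["host"] not in REMOTE_TOOLS[name]:
                findings.append((ev["ts"], ev["host"], f"unapproved remote-access tool: {name}"))
        elif ev["type"] == "logon":
            user = ev["user"].lower()
            if user in DISABLED_ACCOUNTS and ev["result"] == "success":
                findings.append((ev["ts"], ev["host"], f"successful logon by disabled account: {user}"))
    return findings

if __name__ == "__main__":
    for ts, host, finding in triage(SAMPLE.splitlines()):
        print(ts, host, finding)
```

Matching on file name alone misses renamed binaries, so in practice this check is paired with an allowlist keyed on signer or hash.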

