
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

Multiple botnets are exploiting a nearly year-old command injection vulnerability in TP-Link routers to compromise the devices for IoT-driven distributed denial-of-service (DDoS) attacks.

A patch already exists for the flaw, tracked as CVE-2023-1389, which was found in the web management interface of the TP-Link Archer AX21 (AX1800) Wi-Fi router and affects devices running firmware version 1.1.4 Build 20230219 or earlier.

However, threat actors are taking advantage of unpatched devices to deploy various botnets, including Moobot, Miori, AGoent, a Gafgyt variant, and variants of the infamous Mirai botnet, which can compromise the devices for DDoS and further nefarious activity, according to a blog post from Fortiguard Labs Threat Research.

"Recently, we observed multiple attacks focusing on this year-old vulnerability," which was previously exploited by the Mirai botnet, according to the post by Fortiguard researchers Cara Lin and Vincent Li. Fortiguard's IPS telemetry detected significant traffic peaks, which alerted the researchers to the malicious activity, they said.

The flaw creates a scenario in which the "Country" field of the router's management interface is not sanitized, "so an attacker could exploit it for malicious activities and gain a foothold," according to TP-Link's security advisory for the flaw.

"This is an unauthenticated command injection vulnerability in the 'locale' API available via the web management interface," Lin and Li explained.

To exploit it, users can query the specified form "country" and perform the "write" operation, which is handled by the "set_country" function, the researchers explained. That function calls the "merge_config_by_country" function and concatenates the argument of the specified form "country" into a command string. This string is then executed by the "popen" function.

"Since the 'country' field will not be empty, the attacker can achieve command injection," the researchers wrote.
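The pattern the researchers describe, as an added illustration written for this page (not TP-Link's firmware and not Fortiguard's code): an unvalidated "country" value pasted into a command string that would be handed to popen(), beside a hardened builder that allowlists the field before it can reach a command line. The command path and all function names are hypothetical.

```c
/* Added illustration of the unsanitized-field pattern and its fix.
 * Hypothetical names; not the router's actual code. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 128

/* Vulnerable pattern: the form field is concatenated into a command string
 * that the firmware would then run through popen(). Nothing checks the
 * field, so whatever the client sent becomes part of the command line.
 * (popen() is deliberately not called here; only the string is built.) */
int build_command_unsafe(const char *country, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "/usr/sbin/apply_region %s", country);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened check: a country code is exactly two ASCII letters. Anything
 * else (empty, too long, punctuation, whitespace) is rejected outright. */
int is_valid_country(const char *country) {
    if (country == NULL || strlen(country) != 2) return 0;
    for (int i = 0; i < 2; i++)
        if (!isalpha((unsigned char)country[i])) return 0;
    return 1;
}

/* Hardened builder: validate against the allowlist first, then build the
 * same command. Returns -1 when the input is rejected. */
int build_command_safe(const char *country, char *out, size_t outlen) {
    if (!is_valid_country(country)) return -1;
    return build_command_unsafe(country, out, outlen);
}

/* Returns 1 if a built command string contains shell metacharacters, which
 * is what a reviewer would grep for when auditing popen()/system() callers. */
int has_shell_metachar(const char *cmd) {
    return strpbrk(cmd, ";|&`$(){}<>\n") != NULL;
}

/* Helper for comparison: 1 if the unsafe builder accepted the input and the
 * resulting command carries shell metacharacters; 0 otherwise. */
int unsafe_accepts_metachar(const char *country) {
    char buf[CMD_MAX];
    return build_command_unsafe(country, buf, sizeof buf) == 0
        && has_shell_metachar(buf);
}
```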

Botnets Lay Siege

TP-Link's advisory when the flaw was disclosed last year acknowledged exploitation by the Mirai botnet. But since then other botnets and various Mirai variants have also descended on vulnerable devices.

One is AGoent, a Golang-based agent bot that attacks by first fetching the script file "exec.sh" from an attacker-controlled website, which then retrieves Executable and Linkable Format (ELF) files for various Linux-based architectures.

The bot then carries out two primary behaviors: the first is to create a username and password using random characters, and the second is to establish a connection with command-and-control (C2) to submit the credentials the malware created for taking over the device, the researchers said.

A botnet that causes denial of service (DoS) on Linux architectures, known as the Gafgyt variant, also attacks TP-Link by downloading and executing a script file and then retrieving executables for Linux architectures with the filename prefix "rebirth." The botnet then obtains the compromised target's IP and architecture information, which it combines into a string that forms part of its initial connection message, the researchers explained.

"After establishing a connection with its C2 server, the malware receives a continuous 'PING' command from the server to ensure persistence on the compromised target," the researchers wrote. It then waits for various C2 commands to launch DoS attacks.

A botnet called Moobot also attacks the flaw to conduct DDoS attacks on remote IPs via commands from the attacker's C2 server, the researchers said. While the botnet targets various IoT hardware architectures, the Fortiguard researchers analyzed the botnet's executable built for the "x86_64" architecture to determine its exploitation activity, they said.

A variant of Mirai also conducts DDoS attacks in its exploitation of the flaw by sending a packet from the C&C server to direct the endpoint to launch the attack, the researchers noted.

"The specified command is 0x01 for a Valve Source Engine (VSE) flood, with a duration of 60 seconds (0x3C), which targets a randomly selected victim IP address and port number 30129," they explained.

Miori, another Mirai variant, has also joined the fray to execute brute-force attacks on compromised devices, the researchers said. And they also observed attacks by Condi that were consistent with the version of the botnet that was active last year.

The attack retains the function to prevent reboots by deleting binaries responsible for shutting down or restarting the system, as well as scanning active processes and cross-referencing them against predefined strings to terminate processes with matching names, the researchers said.

Patch & Protect to Avoid DDoS

Botnet attacks that leverage device flaws to target the IoT environment "are relentless," so users should be vigilant against DDoS botnets, the researchers said. Indeed, IoT adversaries are advancing their attacks by preying on unpatched device flaws to further their sophisticated attack strategies.

Attacks on TP-Link devices can be mitigated by applying the available patch for affected devices, and this practice should be followed for all other IoT devices "to protect their network environments from infection, preventing them from becoming bots for malicious threat actors," the researchers wrote.

Fortiguard also included in its post various indicators of compromise (IoCs) for the different botnet attacks, including C2 servers, URLs, and files that could help administrators identify an attack.
