TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
ESET researchers analyzed Spellbinder, a tool used to perform adversary-in-the-middle attacks.
Source: WeLiveSecurity, Malware. In this blog post, ESET researchers analyze Spellbinder, a lateral-movement tool used to perform adversary-in-the-middle attacks by a China-aligned threat actor that we have named TheWizards. Spellbinder launches adversary-in-the-middle (AitM) attacks through IPv6 Stateless Address Autoconfiguration (SLAAC) spoofing, allowing the attackers to move laterally within the compromised network, intercept packets, and redirect the traffic of legitimate Chinese software so that it downloads malicious updates from an attacker-controlled server.
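As an added defensive example (not code from the ESET report or from Spellbinder itself), the following Python parses ICMPv6 Router Advertisements and flags the pattern SLAAC spoofing depends on: a host outside the approved-router allowlist advertising itself as default router, announcing a SLAAC prefix, or pushing recursive DNS servers. The allowlist, the sample MAC address and the 2001:db8:: documentation prefix are constructed for the example.

```python
import ipaddress
import struct

# ICMPv6 Router Advertisement type and the NDP option types inspected (RFC 4861 / RFC 8106)
RA_TYPE, OPT_SRC_LLADDR, OPT_PREFIX_INFO, OPT_RDNSS = 134, 1, 3, 25


def parse_ra(payload: bytes) -> dict:
    """Parse an ICMPv6 RA (header plus options) into router lifetime, source MAC, prefixes, DNS."""
    if len(payload) < 16 or payload[0] != RA_TYPE:
        raise ValueError("not an ICMPv6 Router Advertisement")
    ra = {"router_lifetime": struct.unpack_from("!H", payload, 6)[0], "src_mac": None, "prefixes": [], "dns": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(payload):
        opt_type, opt_len = payload[off], payload[off + 1] * 8  # option length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(payload):
            raise ValueError("malformed NDP option")
        body = payload[off + 2:off + opt_len]
        if opt_type == OPT_SRC_LLADDR and len(body) >= 6:
            ra["src_mac"] = body[:6].hex(":")
        elif opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(body[14:30])
            ra["prefixes"].append((f"{prefix}/{body[0]}", bool(body[1] & 0x40)))  # 0x40 = A (SLAAC) flag
        elif opt_type == OPT_RDNSS and opt_len >= 24:
            for i in range(6, len(body) - 15, 16):  # addresses follow 2 reserved + 4 lifetime bytes
                ra["dns"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += opt_len
    return ra


def classify_ra(ra: dict, allowed_router_macs: set) -> list:
    """Findings for an RA whose source MAC is not an approved router; empty list means expected."""
    findings = []
    if ra["src_mac"] not in allowed_router_macs:
        if ra["router_lifetime"] > 0:
            findings.append(f"{ra['src_mac']} offers itself as default router")
        if any(slaac for _, slaac in ra["prefixes"]):
            findings.append(f"{ra['src_mac']} advertises a SLAAC prefix")
        if ra["dns"]:
            findings.append(f"{ra['src_mac']} pushes DNS servers {ra['dns']}")
    return findings


def build_sample_ra() -> bytes:
    """Constructed sample RA from an unapproved host (hypothetical MAC, RFC 3849 documentation prefix)."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)  # checksum left zero in the sample
    lladdr = bytes([OPT_SRC_LLADDR, 1]) + bytes.fromhex("0a1b2c3d4e5f")
    prefix = (bytes([OPT_PREFIX_INFO, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
              + ipaddress.IPv6Address("2001:db8::").packed)
    rdnss = (bytes([OPT_RDNSS, 3, 0, 0]) + struct.pack("!I", 1800)
             + ipaddress.IPv6Address("2001:db8::1").packed)
    return hdr + lladdr + prefix + rdnss
```

In a real deployment the bytes would come from a raw ICMPv6 socket or a packet capture, and the allowlist from the known gateway MACs of the segment.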
Key points in this blog post:
- We discovered a malicious downloader being deployed, by legitimate Chinese software update mechanisms, onto victims' machines.
- The downloader seeks to deploy a modular backdoor that we have named WizardNet.
- We analyzed Spellbinder: the tool the attackers use to conduct local adversary-in-the-middle attacks and to redirect traffic to an attacker-controlled server to deliver the group's signature backdoor WizardNet.
- We provide details about the links between TheWizards and the Chinese company Dianke Network Security Technology (also known as UPSEC).