State-Sponsored Hacking: What Are Advanced Persistent Threats and Who Did They Target in 2022?

News 2024-07-12

Government-backed cyber attacks increased significantly in 2022. Many of these attacks were carried out by so-called advanced persistent threats, or APTs. These groups work with governments and may also carry out illicit activity for profit.

In 2022, foreign entities attacked other foreign entities through DDoS attacks, espionage, ransomware attacks and breaches of critical infrastructure. These attacks triggered major supply chain disruptions, caused billions of dollars in losses, and gathered large volumes of information as part of espionage campaigns.

Looking ahead to what the world may face in 2023, here are 5 devastating APT attacks that took place in 2022:

One of the most alarming APT attacks of 2022 was carried out by a group known as APT 41 or Double Dragon. The group managed to steal roughly $20 million in COVID relief funds from multiple countries in Asia and Africa. The attack specifically targeted banks, government agencies and other organizations that distributed relief payments during the pandemic. The stolen funds are believed to have been laundered through cryptocurrency wallets, making them difficult to trace and recover.

According to a Secret Service statement, APT41 has been active for more than a decade and is considered a Chinese state-sponsored cyber threat group that is highly skilled at espionage operations and at financial crime for personal gain. Cyber experts and current and former officials from multiple agencies have identified APT41 as the "workhorse" of cyber espionage operations that benefit the Chinese government. With COVID relief funds becoming a target of opportunity in 2020, the threat has become more relevant than ever.

In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory on an Iranian advanced persistent threat (APT). The threat actor, named Rampant Kitten, exploited the well-known Log4Shell vulnerability in February to break into a VMware Horizon server.

This led to the compromise of a federal network belonging to the U.S. Merit Systems Protection Board. In response, CISA warned all organizations that had not applied Log4Shell remediations to watch for potential indicators of compromise. The Washington Post identified the affected agency as the U.S. Merit Systems Protection Board. Attacks of this kind underscore the need for businesses and governments to stay vigilant and to protect critical infrastructure proactively.

In April, a joint Cybersecurity Advisory (CSA) issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of the Treasury warned of cyber threats associated with cryptocurrency thefts by a North Korean state-sponsored advanced persistent threat (APT) group known as Lazarus Group, APT38, BlueNoroff and Stardust Chollima.

Since at least 2020, the group has targeted organizations in the blockchain technology and cryptocurrency industry, such as cryptocurrency exchanges, DeFi protocols, play-to-earn cryptocurrency video games, venture capital funds that invest in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable NFTs.

The attackers have used social engineering across various communication platforms to persuade victims to download trojanized cryptocurrency applications. This gives them access to the victim's computer, where they can spread malware and steal private keys or exploit other security gaps to initiate fraudulent blockchain transactions.

In April 2022, the Iranian advanced persistent threat group MuddyWater/APT 34, which is subordinate to Iran's Ministry of Intelligence and Security (MOIS), launched government-sponsored cyber attacks targeting government and private-sector organizations across multiple sectors in Asia, Africa, Europe and North America.

Then, in September 2020, the U.S. federal government imposed sanctions on the Iranian government for supporting cybercriminal activity, which it said was carried out through several advanced persistent threat (APT) groups.

Specifically, the U.S. Treasury's Office of Foreign Assets Control (OFAC) designated Iran's Ministry of Intelligence and Security (MOIS) as having "engaged in cyber activities targeting the United States and its allies" since at least 2007.

From at least January 2020 to February 2022, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) identified a regular pattern of cyber attacks by Russian state-sponsored actors against U.S. cleared defense contractors (CDCs).

These attacks used common but effective tactics such as spear phishing, credential harvesting, brute-force/password-spraying techniques, and exploitation of known vulnerabilities in weakly secured accounts and networks. The attackers also targeted Microsoft 365 (M365) environments, maintaining persistence with legitimate credentials and using malware to exfiltrate data.

The attacks above caused major disruption and billions of dollars in losses worldwide. They were carried out for geopolitical reasons and for financial gain. It is clear that APTs will remain a threat in the coming years and must be actively countered so that public- and private-sector entities can keep further damage to a minimum.
