Not a huge incident, but a deeply humiliating one: source code from Microsoft, Cisco and others put up for sale online by hackers, bundle price US$1 million

> The breached companies all say they are "baffled".

On January 12, a website called SolarLeaks went live, stating that it is selling the source code and related data of Microsoft, Cisco, FireEye and SolarWinds. Each company's product source code was given a different price, ranging from US$50,000 to US$600,000; the price for everything bundled together is US$1 million, and no bargaining is accepted.

## Source code of several top companies stolen

The SolarLeaks site claims to be selling 2.6 GB of Microsoft source code and repositories for US$600,000.

![SolarLeaks listing for Microsoft source code](https://static001.geekbang.org/wechat/images/79/79291171947f7373407e3a2a84d471c0.png)

Microsoft had posted on its blog on January 3 that it had detected, in its internal environment, malicious executables downloaded during the SolarWinds Orion platform supply-chain attack. Microsoft said the attackers managed to escalate their access within Microsoft's internal network, which let them reach a small number of internal accounts, and used those accounts to access Microsoft's source code repositories. Microsoft also stressed that the accounts in question had view-only permissions, claiming the hackers made no changes to the code or to engineering systems, in an effort to play down the impact on the company:

"Microsoft uses an inner source approach, adopting open-source software development best practices and an open-source-like culture, so that source code is viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of our products, and our threat models assume that attackers have knowledge of the source code. So viewing source code does not by itself mean a higher risk."

But this hacking operation has clearly slapped Microsoft in the face: it was not, as Microsoft put it, "only view access, nothing serious". The hackers not only viewed the code, they also packaged up and downloaded the related code and data.

In addition, the hackers claim to be selling the source code of multiple Cisco products for US$500,000, even including Cisco's internal bug-analysis tools.

![SolarLeaks listing for Cisco source code](https://static001.geekbang.org/wechat/images/4c/4c839619f4fe232b199e352a4f9a32f3.png)

Cisco subsequently said it was aware of the SolarLeaks site, but had found no evidence that the attackers had stolen its source code, nor any evidence that customer data had been stolen.

Also leaked were the red-team penetration tools of the top US security firm FireEye, the cheapest item on offer at only US$50,000.

![SolarLeaks listing for FireEye red-team tools](https://static001.geekbang.org/wechat/images/ec/ec0c204d63ac4dbbbbd05509c9ab5e4f.png)

FireEye had announced on December 8 last year that a highly sophisticated, state-sponsored APT group had stolen its red-team penetration tools. These red-team tools amount to a cyber arsenal capable of replicating the world's most sophisticated hacking methods, and most of them were kept in a digital vault closely monitored by FireEye. Some security professionals said that with FireEye's tools the hackers could plausibly mount large-scale intrusions against all kinds of high-risk, high-profile targets.

FireEye founder Kevin Mandia had also written last month: "Although the attackers were able to access some of our internal systems, in our investigation we have found no evidence that the attackers stole data from our primary systems."

The eagle hunter has had his eye pecked by an eagle: for this top security firm the attack was an outright humiliation, and Kevin Mandia could only "admire" how formidable the hackers' skills were: "Based on my 25 years in cyber security and responding to incidents, I have concluded that we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to over the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."

Finally, the SolarLeaks site also said that for US$1 million everything can be bought as a bundle, with no bargaining, "so as not to waste our time".

![SolarLeaks bundle offer](https://static001.geekbang.org/wechat/images/d2/d27956bd2be6ee20b1d049ce2adb947c.png)

They also said they would sell the stolen data in batches in the future and release more information, and that they had not disclosed everything because, for now, they still need to retain most of their access.

## What kind of hacker group is this?

Researchers found that the "SolarLeaks" site had only just been registered, using the domain registrar NJALLA. NJALLA has previously been used by the Russian hacker groups Fancy Bear and Cozy Bear.

![Registration details for the SolarLeaks domain](https://static001.geekbang.org/wechat/images/b6/b6a2521162f35673d1fda6506d7054c1.png)

When looking up the WHOIS record for Solarleaks[.]net, the assigned name servers also return the phrase "you can get no info", mocking the researchers.

![WHOIS record for the SolarLeaks domain](https://static001.geekbang.org/wechat/images/ec/ec153dd6b86fc9d6a1b4d9764dc23573.png)

Jake Williams, president of the cybersecurity firm Rendition Infosec, said that the sale's focus on commercially valuable data, rather than on intelligence stolen from government agencies, may indicate that this is a genuine hacker group.

![Jake Williams's comment on the SolarLeaks sale](https://static001.geekbang.org/wechat/images/33/33529c73250f6d2a99f9414d72149471.png)

As for the hacker group's identity, the US FBI and NSA both believe it comes from Russia. Because JetBrains' three founders, Sergey Dmitriev, Eugene Belyaev and Valentin Kipiatkov, come from Russia, US investigators last week also suspected that the attack had been carried out through JetBrains' TeamCity (CI/CD server) product and wanted to open an investigation into JetBrains. JetBrains' products are indeed widely used: 79 of the Fortune 100 companies are JetBrains customers, and developers at 300,000 companies use JetBrains products, SolarWinds among them. JetBrains subsequently responded that it has never been involved or implicated in the hacking attack in any way.

SolarWinds, whose code was also stolen this time, likewise published a blog post on January 12 saying that the deployment of the intrusion can be traced back to September 2019, so more than a year passed between the initial dormant foothold and the sale of the code.

But who the hackers actually are, and through which process in the software development environment they got in, nobody yet knows.

**Further reading:**

[https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/](https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/)

[https://www.secrss.com/articles/27717](https://www.secrss.com/articles/27717)